CVE-2012-6329

Foswiki MAKETEXT - Remote Command Execution

Severity Score (CVSS v3): 10.0
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits (Multiple Sources): 5
Exploited in Wild (KEV): -
Decision (SSVC): -

Descriptions

The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.

The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before v5.17.7 does not properly handle backslashes (\) and qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before v5.1.3, and the Foswiki application v1.0.x through v1.0.10 and v1.1.x through v1.1.6.

Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially-crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption.

*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Attack Vector: Network
Attack Complexity: Low
Authentication: None
Confidentiality: Partial
Integrity: Partial
Availability: Partial

Attack Vector: Network
Attack Complexity: High
Authentication: None
Confidentiality: Partial
Integrity: Partial
Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2012-12-10 CVE Reserved
  • 2012-12-15 CVE Published
  • 2012-12-15 First Exploit
  • 2024-08-06 CVE Updated
  • 2025-05-06 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (23)
Affected Vendors, Products, and Versions
Vendor  Product  Version    Other  Status
Perl    Perl     <= 5.16.2  -      Affected
Perl    Perl     5.10       -      Affected
Perl    Perl     5.10.0     -      Affected
Perl    Perl     5.10.0     rc1    Affected
Perl    Perl     5.10.0     rc2    Affected
Perl    Perl     5.10.1     -      Affected
Perl    Perl     5.10.1     rc1    Affected
Perl    Perl     5.10.1     rc2    Affected
Perl    Perl     5.11.0     -      Affected
Perl    Perl     5.11.1     -      Affected
Perl    Perl     5.11.2     -      Affected
Perl    Perl     5.11.3     -      Affected
Perl    Perl     5.11.4     -      Affected
Perl    Perl     5.11.5     -      Affected
Perl    Perl     5.12.0     -      Affected
Perl    Perl     5.12.0     rc0    Affected
Perl    Perl     5.12.0     rc1    Affected
Perl    Perl     5.12.0     rc2    Affected
Perl    Perl     5.12.0     rc3    Affected
Perl    Perl     5.12.0     rc4    Affected
Perl    Perl     5.12.0     rc5    Affected
Perl    Perl     5.12.1     -      Affected
Perl    Perl     5.12.1     rc1    Affected
Perl    Perl     5.12.1     rc2    Affected
Perl    Perl     5.12.2     -      Affected
Perl    Perl     5.12.2     rc1    Affected
Perl    Perl     5.12.3     -      Affected
Perl    Perl     5.12.3     rc1    Affected
Perl    Perl     5.12.3     rc2    Affected
Perl    Perl     5.12.3     rc3    Affected
Perl    Perl     5.13.0     -      Affected
Perl    Perl     5.13.1     -      Affected
Perl    Perl     5.13.2     -      Affected
Perl    Perl     5.13.3     -      Affected
Perl    Perl     5.13.4     -      Affected
Perl    Perl     5.13.5     -      Affected
Perl    Perl     5.13.6     -      Affected
Perl    Perl     5.13.7     -      Affected
Perl    Perl     5.13.8     -      Affected
Perl    Perl     5.13.9     -      Affected
Perl    Perl     5.13.10    -      Affected
Perl    Perl     5.13.11    -      Affected
Perl    Perl     5.14.0     -      Affected
Perl    Perl     5.14.0     rc1    Affected
Perl    Perl     5.14.0     rc2    Affected
Perl    Perl     5.14.0     rc3    Affected
Perl    Perl     5.14.1     -      Affected
Perl    Perl     5.14.2     -      Affected
Perl    Perl     5.14.3     -      Affected
Perl    Perl     5.16.0     -      Affected
Perl    Perl     5.16.1     -      Affected