FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

twiki -- remote Perl code execution

Affected packages
twiki < 5.1.4_1,1

Details

VuXML ID 21ce1840-6107-11e4-9e84-0022156e8794
Discovery 2014-10-09
Entry 2014-10-31

TWiki developers report:

The debugenableplugins request parameter allows arbitrary Perl code execution.

Using an HTTP GET request towards a TWiki server, add a specially crafted debugenableplugins request parameter to TWiki's view script (typically port 80/TCP). Prior authentication may or may not be necessary.

A remote attacker can execute arbitrary Perl code to view and modify any file the webserver user has access to.

Example: http://www.example.com/do/view/Main/WebHome?debugenableplugins=BackupRestorePlugin%3bprint("Content-Type:text/html\r\n\r\nVulnerable!")%3bexit

The TWiki site is vulnerable if you see a page with text "Vulnerable!".

References

CVE Name CVE-2014-7236
URL http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236