Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.03319
Percentile: 0.86739
CVSS Scoring
CVSS v2 Score: 10.0
Severity:
Mapped CWE(s)
- CWE-94: Improper Control of Generation of Code ('Code Injection')
All CAPEC(s)
- CAPEC-242: Code Injection
- CAPEC-35: Leverage Executable Code in Non-Executable Files
- CAPEC-77: Manipulating User-Controlled Variables
CAPEC(s) with Mapped TTPs
- CAPEC-35: Leverage Executable Code in Non-Executable Files
Mapped TTPs:
Mapped ATT&CK TTPs
- T1027.006: HTML Smuggling
  Kill Chain: defense-evasion
- T1027.009: Embedded Payloads
  Kill Chain: defense-evasion
- T1564.009: Resource Forking
  Kill Chain: defense-evasion
Malware
APTs Threat Group Associations
Campaigns
Affected Products
- cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*
- cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:twiki:twiki:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:twiki:twiki:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:twiki:twiki:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:twiki:twiki:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:twiki:twiki:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:twiki:twiki:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:twiki:twiki:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:twiki:twiki:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:twiki:twiki:4.2.2:*:*:*:*:*:*:*