CVE-2014-7237

Published: Oct 16, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.

Affected (2)

Products: Twiki: Twiki · Microsoft: Windows

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Twiki Twiki	Up to 6.0.0
Microsoft Windows	All versions

Related CWEs

References (8)

http://seclists.org/fulldisclosure/2014/Oct/45

Source: cve@mitre.org

Exploit

http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237

Source: cve@mitre.org

Exploit

http://www.securitytracker.com/id/1030982

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/96952

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2014/Oct/45

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securitytracker.com/id/1030982

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/96952

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.