From Secunia: 1) Input passed to the "URLPARAM" TWiki variable is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "SEARCH" parameter is not properly sanitised before being used in an "eval()" call. This can be exploited to inject and execute commands via specially crafted HTTP GET requests containing the backtick operator. Solution: Update to version 4.2.4.
*** Bug 250550 has been marked as a duplicate of this bug. ***
CVE-2008-5304 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5304): Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable. CVE-2008-5305 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5305): Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable. CVE-2008-5306 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5306): SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details are obtained from third party information. Whiteboard ~1 is correct, as remote execution of perl code is possible.
www-apps/twiki-4.2.4 is in the tree. 4.2.3 has been removed. webapps done.
Guess we're done here.
