CVE-2004-1037

TWiki 20030201 - Remote Code Execution via Search Function Shell Metacharacters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2004-1037. PoCs published by Metasploit, RoMaNSoFt, jduck, including Metasploit module exploits/unix/webapp/twiki_search.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in TWiki's search function (CVE-2004-1037) by injecting shell metacharacters into the 'search' parameter of the WebSearch script, allowing arbitrary command execution.

Description

The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubywebappsphp
https://www.exploit-db.com/exploits/16894

This Metasploit module exploits a command injection vulnerability in TWiki's search function (CVE-2004-1037) by injecting shell metacharacters into the 'search' parameter of the WebSearch script, allowing arbitrary command execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TWiki (versions prior to the fix for CVE-2004-1037)
No auth needed
Prerequisites: Network access to the TWiki instance · TWiki search functionality enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by RoMaNSoFt · perlwebappscgi
https://www.exploit-db.com/exploits/642

This Perl script exploits a command injection vulnerability in TWiki's search functionality (CVE-2004-1037) to achieve remote code execution. It supports both GET and POST methods, proxy configurations, and can create a PHP shell or provide a pseudo-interactive shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: TWiki (version not specified, but likely older versions)
No auth needed
Prerequisites: Access to the TWiki search CGI endpoint · Perl environment with LWP::UserAgent module
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by jduck · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/twiki_search.rb

This Metasploit module exploits a command injection vulnerability in TWiki's search function by injecting shell metacharacters into the 'search' parameter of the WebSearch script, allowing arbitrary command execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TWiki (versions affected by CVE-2004-1037)
No auth needed
Prerequisites: Network access to the TWiki instance · TWiki search functionality enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000918
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11674
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18062
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/bugtraq/2004-11/0201.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200411-33.xml
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110037207516456&w=2
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/p-039.shtml

Scores

EPSS 0.6167
EPSS Percentile 99.1%

Details

Status published
Products (2)
gentoo/linux
twiki/twiki 2003-02-01
Published Mar 01, 2005
Tracked Since Feb 18, 2026