CVE-2005-2877

TWiki 02-Sep-2004 and earlier - Remote Code Execution via Rev Parameter Shell Metacharacter Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2005-2877. PoCs published by Metasploit, JChristophFuchs, B4dP4nd4, including Metasploit module exploits/unix/webapp/twiki_history.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in TWiki's history component by manipulating the 'rev' parameter in the TWikiUsers script to execute arbitrary OS commands.

Description

The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubywebappsphp
https://www.exploit-db.com/exploits/16892

This Metasploit module exploits a command injection vulnerability in TWiki's history component by manipulating the 'rev' parameter in the TWikiUsers script to execute arbitrary OS commands.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TWiki (versions affected by CVE-2005-2877)
No auth needed
Prerequisites: Network access to the TWiki instance · TWiki bin directory must be writable for the check function
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by JChristophFuchs · textwebappsphp
https://www.exploit-db.com/exploits/26302

This exploit leverages a command injection vulnerability in TWiki's TWikiUsers script by using the backtick shell metacharacter in the rev parameter to execute arbitrary commands. The provided example demonstrates reading /etc/passwd, but it can be adapted for remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TWiki (version not specified, likely older versions)
No auth needed
Prerequisites: Access to the TWikiUsers script · Ability to craft a malicious URI
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by B4dP4nd4 · textwebappsphp
https://www.exploit-db.com/exploits/26260

The exploit leverages a command injection vulnerability in TWiki's TWikiUsers script via the 'rev' parameter. The backtick shell metacharacter allows arbitrary command execution, demonstrated by injecting 'less /etc/passwd'.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TWiki (version not specified)
No auth needed
Prerequisites: Access to the TWikiUsers script via HTTP
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by B4dP4nd4, jduck · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/twiki_history.rb

This Metasploit module exploits a command injection vulnerability in TWiki's history component by manipulating the 'rev' parameter in the TWikiUsers script. It allows arbitrary OS command execution in the context of the web server.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TWiki (versions affected by CVE-2005-2877)
No auth needed
Prerequisites: Network access to the TWiki instance · TWiki bin directory path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112680475417550&w=2
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/757181
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14834

Scores

EPSS 0.7110
EPSS Percentile 99.3%

Details

Status published
Products (5)
twiki/twiki 2000-12-01
twiki/twiki 2001-12-01
twiki/twiki 2003-02-01
twiki/twiki 2004-09-01
twiki/twiki 2004-09-02
Published Sep 16, 2005
Tracked Since Feb 18, 2026