CVE-2012-6330

Foswiki MAKETEXT Remote Command Execution

Title source: metasploit

Description

The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · unix
https://www.exploit-db.com/exploits/23580
metasploit WORKING POC EXCELLENT
by Brian Carlson, juan vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/foswiki_maketext.rb

Scores

EPSS 0.7325
EPSS Percentile 98.8%

Details

CWE
CWE-189
Status published
Products (16)
foswiki/foswiki 1.0.0
foswiki/foswiki 1.0.1
foswiki/foswiki 1.0.2
foswiki/foswiki 1.0.3
foswiki/foswiki 1.0.4
foswiki/foswiki 1.0.10
foswiki/foswiki 1.1.0
foswiki/foswiki 1.1.1
foswiki/foswiki 1.1.2
foswiki/foswiki 1.1.3
... and 6 more
Published Jan 04, 2013
Tracked Since Feb 18, 2026