CVE-2012-6330

Foswiki MAKETEXT Remote Command Execution

Title source: metasploit

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-6330. PoCs published by Metasploit, Brian Carlson, juan vazquez, including Metasploit module exploits/unix/webapp/foswiki_maketext.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in Foswiki's MAKETEXT variable, which passes unsanitized input to Perl's eval function. It allows remote command execution on vulnerable Foswiki installations with localization enabled.

Description

The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · unix
https://www.exploit-db.com/exploits/23580

This Metasploit module exploits a command injection vulnerability in Foswiki's MAKETEXT variable, which passes unsanitized input to Perl's eval function. It allows remote command execution on vulnerable Foswiki installations with localization enabled.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Foswiki 1.1.5 and earlier
No auth needed
Prerequisites: Foswiki with UserInterfaceInternationalisation enabled · Access to edit a page (anonymous or authenticated)
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by Brian Carlson, juan vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/foswiki_maketext.rb

This Metasploit module exploits CVE-2012-6330, a command injection vulnerability in Foswiki's MAKETEXT variable due to unsanitized input passed to Perl's eval function. It allows remote command execution on vulnerable Foswiki installations with localization enabled.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Foswiki <= 1.1.6
No auth needed
Prerequisites: Foswiki with UserInterfaceInternationalisation enabled · Network access to the Foswiki instance
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/56950

Scores

EPSS 0.7325
EPSS Percentile 98.8%

Details

CWE: CWE-189
Status: published
Products (16)
foswiki/foswiki 1.0.0
foswiki/foswiki 1.0.1
foswiki/foswiki 1.0.2
foswiki/foswiki 1.0.3
foswiki/foswiki 1.0.4
foswiki/foswiki 1.0.10
foswiki/foswiki 1.1.0
foswiki/foswiki 1.1.1
foswiki/foswiki 1.1.2
foswiki/foswiki 1.1.3
... and 6 more
Published Jan 04, 2013
Tracked Since Feb 18, 2026