search menu icon-carat-right cmu-wordmark

CERT Coordination Center

TWiki does not properly sanitize URI parameters

Vulnerability Note VU#757181

Original Release Date: 2005-09-20 | Last Revised: 2005-10-04


A lack of input validation in the TWiki revision control function may allow a remote, unauthenticated attacker to execute arbitrary commands.


TWiki is a web-based collaborative publishing environment. TWiki does not sanitize user-controlled URI parameters supplied to the revision control function for malicious content. Specifically, the rev parameter is not filtered for shell metacharacters before being used to construct a shell command. By sending a specially crafted URI to a system running TWiki, an remote, unauthenticated attacker may be able to execute arbitrary commands on that system.

Note that exploits are publicly available for this vulnerability. More detailed information is available in the TWiki Security Alert.


By sending a specially crafted URI to TWiki, a remote, unauthenticated attacker may be able to execute arbitrary commands with the privileges of the CGI process, typically nobody.


Apply hotfix
TWiki has release a hotfix to address this issue.

Restrict access

Restricting access to TWiki to only trusted users will reduce the chances of exploitation.

Vendor Information


TWiki Affected

Updated:  September 23, 2005



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

CVSS Metrics

Group Score Vector



This vulnerability was reported by Sap. TWiki credits PeterThoeny, Crawford Currie, Sven Dowideit, Colas Nahaboo, Will Norris, Richard Donkin, B4dP4nd4 and Florian Weimer for providing information regarding this issue.

This document was written by Jeff Gennari.

Other Information

CVE IDs: CVE-2005-2877
Severity Metric: 12.57
Date Public: 2005-09-14
Date First Published: 2005-09-20
Date Last Updated: 2005-10-04 19:45 UTC
Document Revision: 46

Sponsored by CISA.