QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2012-6329

Back to search

CVE-2012-6329

Published: Jan 4, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.

VendorProductVersions

n/a

n/a

affected
n/a

References

MDVSA-2013:113
vendor-advisory
x_refsource_MANDRIVA
USN-2099-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2013:0685
vendor-advisory
x_refsource_REDHAT
56950
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now