Published:2006/05/24 Last Updated:2008/05/21
JVN#46691257
RWiki arbitrary Ruby script execution vulnerability
Overview
RWiki, one of Wiki clones, contains a vulnerability allowing execution of arbitrary Ruby scripts on its edit mode page.
Products Affected
- RWiki/2.1.0pre2 and all earlier versions
Description
Impact
A remote attacker could execute an arbitrary Ruby script on the server where RWiki is installed, with the privilege running RWiki.
Solution
References
JPCERT/CC Addendum
Credit
Masatoshi Seki of www.druby.org reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2006-000620 |