VYPR
Unrated severityNVD Advisory· Published Oct 16, 2014· Updated Jun 17, 2026

CVE-2014-7237

CVE-2014-7237

Description

lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • TWiki/Twiki2 versions
    cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*range: <=6.0.0
    • (no CPE)range: <=6.0.0
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.