Vulnerability in N/a
CVE-2008-3195
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image v…
EPSS: 0.575 (98.2th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- 31849 (x_refsource_SECUNIA, third-party-advisory)
- 6269 (exploit, x_refsource_EXPLOIT-DB)
- 4265 (x_refsource_SREASON, third-party-advisory)
- 31964 (x_refsource_SECUNIA, third-party-advisory)
- www.kb.cert.org/vuls/id/RGII-7JEQ7L (x_refsource_CONFIRM)
- ADV-2008-2586 (vdb-entry, x_refsource_VUPEN)
- twiki-configure-image-command-execution(45183) (vdb-entry, x_refsource_XF)
- twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195 (x_refsource_CONFIRM)
- twiki.org/cgi-bin/view/Codev/TWikiRelease04x02x03 (x_refsource_CONFIRM)
- twiki-configure-directory-traversal(45182) (vdb-entry, x_refsource_XF)