CVE-2008-3195
CVE-2008-3195
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/6269unverifiedexploitdbwww.exploit-db.com/exploits/6509unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://secunia.com/advisories/31849http://secunia.com/advisories/31964http://securityreason.com/securityalert/4265https://exchange.xforce.ibmcloud.com/vulnerabilities/45182https://exchange.xforce.ibmcloud.com/vulnerabilities/45183https://www.exploit-db.com/exploits/6269http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x02x03#4_2_3_Bugfix_Highlightshttp://www.kb.cert.org/vuls/id/362012http://www.kb.cert.org/vuls/id/RGII-7JEQ7Lhttp://www.vupen.com/english/advisories/2008/2586