Back to search
CVE-2008-3195
Published: Sep 17, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
31849
third-party-advisory
x_refsource_SECUNIA
6269
exploit
x_refsource_EXPLOIT-DB
4265
third-party-advisory
x_refsource_SREASON
31964
third-party-advisory
x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/RGII-7JEQ7L
x_refsource_CONFIRM
ADV-2008-2586
vdb-entry
x_refsource_VUPEN
twiki-configure-image-command-execution(45183)
vdb-entry
x_refsource_XF
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195
x_refsource_CONFIRM
twiki-configure-directory-traversal(45182)
vdb-entry
x_refsource_XF
VU#362012
third-party-advisory
x_refsource_CERT-VN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now