Twiki · Twiki · CVE-2006-3336
**Name of the Vulnerable Software and Affected Versions**
TWiki versions 01-Dec-2000 up to 4.0.3
**Description**
The issue allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions. This is only a problem when the server allows script execution in the pub directory.
**Recommendations**
For TWiki versions 01-Dec-2000 up to 4.0.3, restrict script execution in the pub directory to prevent exploitation.
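As a complement to the recommendation above, the following added example (not TWiki code and not part of the original advisory) audits attachment names for a script extension hidden in a non-final position of a multi-extension filename. The extension list, the function names and the sample filenames are assumptions made for illustration; the advisory does not describe how the upload filter works.

```python
# Added example: audit attachment names for script extensions hidden in
# any position of a multi-extension filename.
import os

# Assumption: extensions the web server could map to a script handler.
# Adjust to match the handlers actually configured on your server.
SCRIPT_EXTS = {"php", "phtml", "pl", "py", "cgi", "sh", "asp", "jsp"}


def script_extensions(filename, script_exts=SCRIPT_EXTS):
    """Return script extensions found anywhere after the base name."""
    base = os.path.basename(filename)
    parts = base.lower().split(".")
    # parts[0] is the base name; a leading dot (".htaccess") yields "".
    return [p for p in parts[1:] if p in script_exts]


def is_double_extension_risk(filename, script_exts=SCRIPT_EXTS):
    """True when a script extension is present but is not the last one,
    the case a check of only the final extension would miss."""
    parts = os.path.basename(filename).lower().split(".")
    return any(p in script_exts for p in parts[1:-1])


def audit(names, script_exts=SCRIPT_EXTS):
    """Map each flagged name to the script extensions it carries."""
    return {n: script_extensions(n, script_exts)
            for n in names if script_extensions(n, script_exts)}


# Constructed sample attachment names (not taken from any real system).
SAMPLE = ["report.pdf", "notes.php.txt", "archive.tar.gz",
          "photo.JPG", "tool.pl", "v1.2.cgi.bak", "Web/Topic/logo.png"]

if __name__ == "__main__":
    for name, exts in audit(SAMPLE).items():
        kind = "double" if is_double_extension_risk(name) else "final"
        print(f"{name}: {exts} ({kind} extension)")
```

Run it over a listing of the pub directory to find existing attachments worth reviewing; it does not replace disabling script execution there.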