TWiki · TWiki · CVE-2006-2942
**Name of the Vulnerable Software and Affected Versions**
TWiki versions 4.0.0 through 4.0.2
**Description**
The issue allows remote attackers to gain administrator privileges by modifying the `action` attribute in the `TWiki.TWikiRegistration` form to reference the `Sandbox` web instead of the `user` web. This can be used to associate a user's login name with the `WikiName` of a member of the `TWikiAdminGroup`.
**Recommendations**
For TWiki versions 4.0.0 through 4.0.2, consider restricting access to the `TWiki.TWikiRegistration` form until a fix is available. As a temporary workaround, restrict the ability to modify the `action` attribute in this form to prevent unauthorized access to administrator privileges.
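While the form remains exposed, web server access logs can be checked for registrations submitted to a web other than the user web. The following is an added example, not part of the original advisory or of TWiki's code; the `register` script path layout, the user web name `Main`, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumptions (not stated in the advisory): the registration form posts to a
# script named "register", followed by /<Web>/<Topic>, and the site's user web
# is named "Main". Adjust both for the deployment being reviewed.
USER_WEB = "Main"
REGISTER_RE = re.compile(r"/register(?:\.\w+)?/(?P<web>[^/?\s]+)")

# Common/Combined Log Format: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_registrations(lines, user_web=USER_WEB):
    """Return (ip, time, web, status) for register POSTs aimed at a web other than user_web."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Decode percent-encoding so the web name is compared in its real form.
        r = REGISTER_RE.search(unquote(m["path"]))
        if r and r["web"] != user_web:
            hits.append((m["ip"], m["time"], r["web"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2006:10:00:00 +0000] "GET /twiki/bin/view/TWiki/TWikiRegistration HTTP/1.1" 200 8123',
    '192.0.2.10 - - [01/Jun/2006:10:01:12 +0000] "POST /twiki/bin/register/Main/WebHome HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jun/2006:11:15:40 +0000] "POST /twiki/bin/register/Sandbox/WebHome HTTP/1.1" 200 5090',
    '198.51.100.7 - - [01/Jun/2006:11:16:02 +0000] "POST /twiki/bin/register/%53andbox/WebHome HTTP/1.1" 200 5090',
]

if __name__ == "__main__":
    for ip, when, web, status in suspicious_registrations(SAMPLE_LOG):
        print(f"{when} {ip} register POST to web {web!r} (HTTP {status})")
```

Any hit is a lead for review: compare the account registered at that time against the current membership of `TWikiAdminGroup`.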