Twiki · Twiki · CVE-2008-3195
Name of the Vulnerable Software and Affected Versions:
TWiki versions prior to 4.2.3
Description:
A directory traversal issue exists in the bin/configure component of TWiki. The script uses the value of the `image` query-string parameter to locate a file on disk without confining it to the intended directory, so a remote attacker who supplies a value containing a .. (dot dot) sequence can read arbitrary files readable by the web server. Additionally, attackers can execute arbitrary files via unspecified vectors when a specific step in the installation guide is skipped.
Recommendations:
For TWiki versions prior to 4.2.3, update to version 4.2.3 or later to resolve the issue. As a temporary workaround until the update is applied, restrict access to the bin/configure component (for example, to authenticated administrators only) and reject or log any request to it whose `image` query-string parameter contains a .. (dot dot) sequence.
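The following is an added example, not TWiki's own code: it shows the two defender-side pieces the description and the recommendations above call for, a hardened lookup that confines the `image` value to its base directory, and a detection pass over web-server access logs for requests to bin/configure whose `image` parameter carries a .. sequence. The log lines, IP addresses and the base directory path are constructed for the example; the log format assumed is Apache combined format.

```python
# Added example, not TWiki's own code: defender-side checks for the
# CVE-2008-3195 pattern, a ".." sequence in the `image` query parameter
# of a request to bin/configure. Log lines and paths are constructed.
import os
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request part of an Apache combined-format access log line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) '
                    r'(?P<target>\S+) [^"]*" (?P<status>\d{3})')

def image_param_escapes(target):
    """True if `target` addresses bin/configure and its `image` value,
    after URL decoding, contains a '..' path component."""
    parts = urlsplit(target)
    if not parts.path.endswith("/configure"):
        return False
    for value in parse_qs(parts.query, keep_blank_values=True).get("image", []):
        # parse_qs decoded once; extra passes catch double-encoded %252e%252e
        decoded = unquote(unquote(value)).replace("\\", "/")
        if ".." in decoded.split("/"):
            return True
    return False

def flag_traversal_attempts(log_lines):
    """Return (client_ip, request_target) for each suspicious request."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and image_param_escapes(m.group("target")):
            hits.append((m.group("ip"), m.group("target")))
    return hits

def resolve_image(base_dir, image):
    """Hardened lookup: resolve `image` under base_dir and refuse any
    result whose canonical path is not strictly inside it (None)."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, unquote(image)))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate

# Constructed sample log: two hostile requests from 203.0.113.7.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Sep/2008:12:00:01 +0000] "GET /twiki/bin/configure?image=../../../../etc/passwd HTTP/1.1" 200 1024',
    '198.51.100.4 - - [10/Sep/2008:12:00:02 +0000] "GET /twiki/bin/configure?image=logo.gif HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Sep/2008:12:00:03 +0000] "GET /twiki/bin/configure?image=..%2F..%2F..%2F..%2Fetc%2Fhosts HTTP/1.1" 200 2048',
    '192.0.2.9 - - [10/Sep/2008:12:00:04 +0000] "GET /twiki/bin/view/Main/WebHome HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for ip, target in flag_traversal_attempts(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {target}")
```

A 200 status on a flagged request is the signal that the workaround was not yet in place; once bin/configure is access-restricted, the same requests should appear with 401 or 403.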