PT-2007-6284 · Debian+1

Published 2007-10-04 · Updated 2008-11-15 · CVE-2007-5193

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TWiki version 4.1.2

Description

The default configuration of TWiki on Debian GNU/Linux, and possibly other operating systems, has a security issue. The work area directory is located under the web document root, which could allow remote attackers to access sensitive information if .htaccess restrictions are not in place.

Recommendations

For TWiki version 4.1.2, consider moving the work area directory outside of the web document root or applying .htaccess restrictions to limit access to sensitive information. As a temporary workaround, restrict access to the cfg{RCS}{WorkAreaDir} directory to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2007-5193

Affected Products

Debian
Twiki