CVE-2008-3195

Name of the Vulnerable Software and Affected Versions: TWiki versions prior to 4.2.3

Description: A directory traversal issue exists in the bin/configure component of TWiki, allowing remote attackers to read arbitrary files by including a .. (dot dot) in the image variable within a query string. Additionally, attackers can execute arbitrary files via unspecified vectors when a specific step in the installation guide is skipped.

Recommendations: For TWiki versions prior to 4.2.3, update to version 4.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the bin/configure component until the update is applied. Avoid using the image variable in query strings that may contain a .. (dot dot) sequence until the issue is resolved.