// For flags

CVE-2008-3195

TWiki 4.2.0 - 'configure' Remote File Disclosure

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.

Vulnerabilidad de salto de directorio en bin/configure en TWiki anterior a v4.2.3, cuando algún paso en el asistente de instalación es omitido, permite a atacantes remotos leer ficheros de su elección a través de una cadena de consulta que contiene ..(punto punto) en la variable "image", y ejecutar archivos de su elección a través de vectores no especificados.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-07-16 CVE Reserved
  • 2008-09-17 CVE Published
  • 2008-09-21 First Exploit
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 <= 4.2.2
Search vendor "Twiki" for product "Twiki" and version " <= 4.2.2"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 4.0
Search vendor "Twiki" for product "Twiki" and version "4.0"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 4.0.0
Search vendor "Twiki" for product "Twiki" and version "4.0.0"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 4.0.1
Search vendor "Twiki" for product "Twiki" and version "4.0.1"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 4.0.2
Search vendor "Twiki" for product "Twiki" and version "4.0.2"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 4.0.3
Search vendor "Twiki" for product "Twiki" and version "4.0.3"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 4.0.4
Search vendor "Twiki" for product "Twiki" and version "4.0.4"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 4.0.5
Search vendor "Twiki" for product "Twiki" and version "4.0.5"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 4.1.0
Search vendor "Twiki" for product "Twiki" and version "4.1.0"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 4.1.1
Search vendor "Twiki" for product "Twiki" and version "4.1.1"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 4.1.2
Search vendor "Twiki" for product "Twiki" and version "4.1.2"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 4.2.0
Search vendor "Twiki" for product "Twiki" and version "4.2.0"
-
Affected
Twiki
Search vendor "Twiki"
 Twiki
Search vendor "Twiki" for product "Twiki"
 4.2.1
Search vendor "Twiki" for product "Twiki" and version "4.2.1"
-
Affected