Intrusion Prevention

Twiki.Image.Path.Remote.Command.Execution

Description

This indicates an attempt to exploit a command execution vulnerability in TWiki.
The vulnerability is a result of the application's failure to properly sanitize the image variable in a URL query. As a result, a remote attacker can send a
crafted query to execute arbitrary commands.

Affected Products

TWiki before 4.2.3

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's web site for suggested workaround:
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195#Hotfix_for_older_TWiki_versions

CVE References

CVE-2008-3195