Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
CVSS Score
10.0
EPSS Score
0.029
Published
2008-12-10
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.
CVSS Score
6.8
EPSS Score
0.575
Published
2008-09-18
Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files.
CVSS Score
4.6
EPSS Score
0.001
Published
2007-02-08
TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
CVSS Score
9.0
EPSS Score
0.014
Published
2006-12-02
Page 2