CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.124 Low
Percentile: 95.5%

Th1nk3r reports:
The version of TWiki installed on the remote host allows access to
the ‘configure’ script and fails to sanitize the ‘image’ parameter
of that script of directory traversal sequences before returning the
file contents when the ‘action’ parameter is set to ‘image’. An
unauthenticated attacker can leverage this issue to view arbitrary
files on the remote host subject to the privileges of the web server
user id.
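
A defender-side check for the request pattern described above, as an added example that is not part of the original report: it scans web access-log lines for requests to a `configure` script with `action=image` whose `image` value contains `..` segments after repeated percent-decoding. The combined log format, the `/twiki/bin/configure` path, the acceptance of both `&` and `;` as query separators, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Request line inside a common/combined access-log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment of the decoded value is '..'."""
    return '..' in re.split(r'[/\\]', fully_decode(value))

def is_suspicious(log_line):
    """Flag configure requests with action=image and a traversing 'image' value."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return False
    url = urlsplit(match.group(1))
    if not url.path.endswith('/configure'):
        return False
    params = {}
    for pair in re.split(r'[&;]', url.query):  # assumption: both separators accepted
        key, _, value = pair.partition('=')
        params.setdefault(unquote(key), []).append(value)
    if 'image' not in [fully_decode(a) for a in params.get('action', [])]:
        return False
    return any(has_traversal(v) for v in params.get('image', []))

def suspicious_indexes(lines):
    return [i for i, line in enumerate(lines) if is_suspicious(line)]

# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /twiki/bin/configure?action=image;image=../../../example.txt HTTP/1.1" 200 1532',
    '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /twiki/bin/configure?action=image&image=%2e%2e%2f%2e%2e%2fexample.txt HTTP/1.1" 200 1532',
    '203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] "GET /twiki/bin/configure?action=image;image=%252e%252e%252f%252e%252e%252fexample.txt HTTP/1.1" 200 1532',
    '198.51.100.7 - - [10/Oct/2023:13:57:11 +0000] "GET /twiki/bin/configure?action=image;image=logo.gif HTTP/1.1" 200 2210',
    '198.51.100.7 - - [10/Oct/2023:13:58:30 +0000] "GET /twiki/bin/view/Main/WebHome?image=../x.txt HTTP/1.1" 200 9001',
]

if __name__ == '__main__':
    for i in suspicious_indexes(SAMPLE_LOG):
        print('ALERT:', SAMPLE_LOG[i])
```

Any hit from an unauthenticated client is also evidence that the `configure` script is reachable from that network at all, which is the first condition the report names.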