cbcvebase.
CVE-2008-3195
published 2008-09-18

CVE-2008-3195: Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to…

PriorityP345medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
8.28%
94.2th percentile
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.

Affected

13 ranges
VendorProductVersion rangeFixed in
twikitwiki<= 4.2.2
twikitwiki
twikitwiki
twikitwiki
twikitwiki
twikitwiki
twikitwiki
twikitwiki
twikitwiki
twikitwiki
twikitwiki
twikitwiki
twikitwiki

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://www.examplo.org/{PATH}/bin/configure?action=image;image=../../../../../../etc/passwd;type=text/plain
urlhttp://localhost/twiki/bin/configure?action=image;image=../../../../../../../etc/passwd;type=text/plain
urlhttp://localhost/twiki/bin/configure?action=image;image=|uname -a|;type=text/plain
path/bin/configure
  • Look for HTTP requests to /bin/configure with 'action=image' and 'image=' parameters containing directory traversal sequences (../) in the query string.
  • Detect pipe characters (|) in the 'image' parameter of requests to /bin/configure, indicating attempted command execution via the open() shell injection vector.
  • Alert on requests to /bin/configure where the 'type' parameter is set to 'text/plain' alongside an 'image' parameter, as this is the attacker-controlled content-type used to read arbitrary files.
  • The vulnerability is only exploitable if the /bin/configure script is publicly accessible; monitor for unauthenticated external access to this endpoint.
  • ·The vulnerability is only exploitable when a specific step in the TWiki installation guide is skipped (step 8 of Basic Installation), which leaves /bin/configure publicly accessible. Instances that have followed the full installation guide and restricted access to configure are not exploitable.
  • ·Affected versions are TWiki 4.2.0 through 4.2.2; TWiki 4.2.3 and later contain the fix.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.