CVE-2006-4294
TWiki 4.0.0-4.0.4 - Directory Traversal via Filename Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-4294. PoCs published by Peter Thoeny.
AI-analyzed exploit summary The provided text describes a directory traversal vulnerability in Twiki versions 4.00 to 4.04, allowing attackers to retrieve arbitrary files by manipulating the 'filename' parameter in a URL. The example demonstrates accessing '/etc/passwd' via path traversal sequences.
Description
Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
Exploits (1)
The provided text describes a directory traversal vulnerability in Twiki versions 4.00 to 4.04, allowing attackers to retrieve arbitrary files by manipulating the 'filename' parameter in a URL. The example demonstrates accessing '/etc/passwd' via path traversal sequences.