CVE-2008-3195

TWiki < 4.2.3 - Path Traversal and Arbitrary File Execution via Image Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-3195. PoCs published by Th1nk3r.

AI-analyzed exploit summary This exploit leverages an input validation error in TWiki 4.2.0's configure script to disclose arbitrary files by manipulating the 'image' and 'type' parameters. The vulnerability arises from insufficient sanitization of user-supplied input in the open() function.

Description

Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Th1nk3r · textwebappscgi
https://www.exploit-db.com/exploits/6269

This exploit leverages an input validation error in TWiki 4.2.0's configure script to disclose arbitrary files by manipulating the 'image' and 'type' parameters. The vulnerability arises from insufficient sanitization of user-supplied input in the open() function.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: TWiki 4.2.0
Auth required
Prerequisites: Access to the /bin/configure script · Knowledge of the target file path
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
webappscgi
https://www.exploit-db.com/exploits/6509

The exploit demonstrates a local file inclusion and command execution vulnerability in TWiki's 'configure' script due to improper handling of user-supplied input in the 'image' parameter. The vulnerability allows arbitrary file reads and command execution via shell metacharacters.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TWiki <= 4.2.2
No auth needed
Prerequisites: Access to the TWiki 'configure' script without .htaccess protection
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (11)

Core 11
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31849
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6269
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4265
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31964
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/RGII-7JEQ7L
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2586
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45183
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45182
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/362012

Scores

EPSS 0.0828
EPSS Percentile 94.2%

Details

CWE
CWE-22
Status published
Products (13)
twiki/twiki 4.0
twiki/twiki 4.0.0
twiki/twiki 4.0.1
twiki/twiki 4.0.2
twiki/twiki 4.0.3
twiki/twiki 4.0.4
twiki/twiki 4.0.5
twiki/twiki 4.1.0
twiki/twiki 4.1.1
twiki/twiki 4.1.2
... and 3 more
Published Sep 18, 2008
Tracked Since Feb 18, 2026