The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote malicious users to read restricted areas and access restricted content in TWiki topics.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
twiki twiki 4.0 |
||
twiki twiki 4.0.1 |