lib/TWiki/Sandbox.pm in TWiki 6.0.0 and previous versions, when running on Windows, allows remote malicious users to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
twiki twiki |
||
microsoft windows - |