This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
A TWiki Security Alert reports :
The TWiki upload filter already prevents executable scripts such as
.php, .php1, .phps, .pl from potentially getting executed by appending
a .txt suffix to the uploaded filename. However, PHP and some other
types allows additional file suffixes, such as .php.en, .php.1, and
.php.2. TWiki does not check for these suffixes, e.g. it is possible
to upload php scripts with such suffixes without the .txt filename
This issue can also be worked around with a restrictive web server
configuration. See the
TWiki Security Alert for more information about how to do this.
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 4.0
CVSS Temporal Score : 3.3
Public Exploit Available : true