Debian DSA-1639-1 : twiki - command execution
Medium Nessus Plugin ID 34246
Synopsis: The remote Debian host is missing a security-related update.
Description: It was discovered that twiki, a web-based collaboration platform, didn't properly sanitize the image parameter in its configuration script. This could allow remote users to execute arbitrary commands on the system, or to read any file readable by the webserver user.
Solution: Upgrade the twiki package.
For the stable distribution (etch), this problem has been fixed in version 1:4.0.5-9.1etch1.