Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4112)