TWiki is a Web-based groupware tool based around the concept of wiki pages that can be edited by anybody with a Web browser.
The TWiki search function, which uses a shell command executed via the Perl backtick operator, does not properly escape shell metacharacters in the user-provided search string.
An attacker can insert malicious commands into a search request, allowing the execution of arbitrary commands with the privileges of the user running TWiki (usually the Web server user).
There is no known workaround at this time.
All TWiki users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/twiki-20040902"