Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
http://www.vupen.com/english/advisories/2008/3381
http://www.securityfocus.com/bid/32668
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305