Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Wikepage | Wikepage | 2006.2 (including) | 2006.2 (including) |
| Wikepage | Wikepage | 2006.2a (including) | 2006.2a (including) |
References
- http://secunia.com/advisories/21542
- http://www.osvdb.org/28177
- http://www.securityfocus.com/bid/19694
- http://www.vupen.com/english/advisories/2006/3386
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28555
- https://www.exploit-db.com/exploits/2252
- http://secunia.com/advisories/21542
- http://www.osvdb.org/28177
- http://www.securityfocus.com/bid/19694
- http://www.vupen.com/english/advisories/2006/3386
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28555
- https://www.exploit-db.com/exploits/2252