Vulnerability Details CVE-2005-2319
PHP remote file include vulnerability in Yawp library 1.0.6 and earlier, as used in YaWiki and possibly other products, allows remote attackers to include arbitrary files via the _Yawp[conf_path] parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.0%
CVSS Severity
CVSS v2 Score 5.0
References
- http://phpyawp.com/yawiki/index.php?page=ChangeLog
- http://secunia.com/advisories/16049
- http://www.hardened-php.net/advisory-102005.php
- http://www.securityfocus.com/archive/1/404948
- http://www.securityfocus.com/bid/14237
- http://phpyawp.com/yawiki/index.php?page=ChangeLog
- http://secunia.com/advisories/16049
- http://www.hardened-php.net/advisory-102005.php
- http://www.securityfocus.com/archive/1/404948
- http://www.securityfocus.com/bid/14237
Products affected by CVE-2005-2319
-
cpe:2.3:a:yawp:yawp:1.0.0
-
cpe:2.3:a:yawp:yawp:1.0.1
-
cpe:2.3:a:yawp:yawp:1.0.2
-
cpe:2.3:a:yawp:yawp:1.0.3
-
cpe:2.3:a:yawp:yawp:1.0.4
-
cpe:2.3:a:yawp:yawp:1.0.5
-
cpe:2.3:a:yawp:yawp:1.0.6