PT-2002-2076 · Phpwiki · Phpwiki Postnuke Wiki Module

Published

2002-08-31

Updated

2008-09-05

CVE-2002-1070

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: PHPWiki Postnuke wiki module (affected versions not specified)

Description: A cross-site scripting issue allows remote attackers to execute script as other PHPWiki users via the pagename parameter in the API endpoint.

Recommendations: For the PHPWiki Postnuke wiki module, consider restricting access to the pagename parameter to minimize the risk of exploitation. Avoid using the pagename parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1070

Affected Products

Phpwiki Postnuke Wiki Module

PT-2002-2076 · Phpwiki · Phpwiki Postnuke Wiki Module

CVE-2002-1070

Related Identifiers

Affected Products

References · 5