PT-2007-6806 · Scwiki · Scwiki

Gold_M

Published

2007-11-06

Updated

2017-09-29

CVE-2007-5843

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions scWiki version 1.0 Beta 2

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter in the includes/common.php file.

Recommendations For scWiki version 1.0 Beta 2, consider restricting access to the includes/common.php file or validating the pathdot parameter to prevent remote file inclusion attacks. As a temporary workaround, avoid using the pathdot parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2007-5843

Affected Products

Scwiki

PT-2007-6806 · Scwiki · Scwiki

CVE-2007-5843

Weakness Enumeration

Related Identifiers

Affected Products

References · 6