CVE-2008-1170

Name of the Vulnerable Software and Affected Versions KCWiki version 1.0

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the page parameter to specific API endpoints, such as "minimal/wiki.php" and "simplest/wiki.php".

Recommendations For KCWiki version 1.0, consider restricting access to the minimal/wiki.php and simplest/wiki.php endpoints until a patch is available. Avoid using the page parameter in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.