Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1371-1
HistorySep 11, 2007 - 12:00 a.m.

phpwiki - several vulnerabilities

2007-09-1100:00:00
Google
osv.dev
6

0.034 Low

EPSS

Percentile

91.5%

JSON

Several vulnerabilities have been discovered in phpWiki, a wiki engine
written in PHP. The Common Vulnerabilities and Exposures project
identifies the following problems:

It was discovered that phpWiki performs insufficient file name
validation, which allows unrestricted file uploads.

It was discovered that phpWiki performs insufficient file name
validation, which allows unrestricted file uploads.

If the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM,
phpWiki might allow remote attackers to bypass authentication via
an empty password, which causes ldap_bind to return true when used
with certain LDAP implementations.

The old stable distribution (sarge) does not contain phpwiki packages.

For the stable distribution (etch) these problems have been fixed in
version 1.3.12p3-5etch1.

For the unstable distribution (sid) these problems have been fixed in
version 1.3.12p3-6.1.

We recommend that you upgrade your phpwiki package.

CPENameOperatorVersion
phpwikieq1.3.12p3-5

Related

debian 1
nessus 3
openvas 6
gentoo 2
prion 3
cve 3
cvelist 3
ubuntucve 3
nvd 3
cert 1
securityvulns 1
debian
debian
[SECURITY] [DSA 1371-1] New phpwiki packages fix several vulnerabilities
2007-09-11 18:46:30
nessus
nessus
Debian DSA-1371-1 : phpwiki - several vulnerabilities
2007-09-14 00:00:00
GLSA-200705-16 : PhpWiki: Remote execution of arbitrary code
2007-05-20 00:00:00
GLSA-200709-10 : PhpWiki: Authentication bypass
2007-09-24 00:00:00
openvas
openvas
Debian Security Advisory DSA 1371-1 (phpwiki)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1371-1)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200705-16 (phpwiki)
2008-09-24 00:00:00
gentoo
gentoo
PhpWiki: Remote execution of arbitrary code
2007-05-17 00:00:00
PhpWiki: Authentication bypass
2007-09-18 00:00:00
prion
prion
Unrestricted file upload
2007-04-13 18:19:00
Authentication flaw
2007-06-12 23:30:00
Unrestricted file upload
2007-04-13 18:19:00
cve
cve
CVE-2007-2025
2007-04-13 18:19:00
CVE-2007-3193
2007-06-12 23:30:00
CVE-2007-2024
2007-04-13 18:19:00
cvelist
cvelist
CVE-2007-2025
2007-04-13 18:00:00
CVE-2007-3193
2007-06-12 23:00:00
CVE-2007-2024
2007-04-13 18:00:00
ubuntucve
ubuntucve
CVE-2007-2025
2007-04-13 00:00:00
CVE-2007-3193
2007-06-12 00:00:00
CVE-2007-2024
2007-04-13 00:00:00
nvd
nvd
CVE-2007-2025
2007-04-13 18:19:00
CVE-2007-3193
2007-06-12 23:30:00
CVE-2007-2024
2007-04-13 18:19:00
cert
cert
PhpWiki fails to properly restrict uploaded files
2007-04-12 00:00:00
securityvulns
securityvulns
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2007-04-12 00:00:00

0.034 Low

EPSS

Percentile

91.5%

JSON
Related for OSV:DSA-1371-1
debian1nessus3openvas6gentoo2prion3cve3cvelist3ubuntucve3nvd3cert1securityvulns1