Several vulnerabilities have been discovered in phpWiki, a wiki engine
written in PHP. The Common Vulnerabilities and Exposures project
identifies the following problems:
It was discovered that phpWiki performs insufficient file name
validation, which allows unrestricted file uploads.
It was discovered that phpWiki performs insufficient file name
validation, which allows unrestricted file uploads.
If the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM,
phpWiki might allow remote attackers to bypass authentication via
an empty password, which causes ldap_bind to return true when used
with certain LDAP implementations.
The old stable distribution (sarge) does not contain phpwiki packages.
For the stable distribution (etch) these problems have been fixed in
version 1.3.12p3-5etch1.
For the unstable distribution (sid) these problems have been fixed in
version 1.3.12p3-6.1.
We recommend that you upgrade your phpwiki package.
CPE | Name | Operator | Version |
---|---|---|---|
phpwiki | eq | 1.3.12p3-5 |