Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-2106

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-2106
Last Modified 05 Sep 2008 04:32:20
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-2106

Summary

PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 allows remote attackers to execute arbitrary PHP code via the TemplateDir variable, as demonstrated using conflict.php.

Vulnerable Systems

Application

  • Wikkitikkitavi 0.10

  • Wikkitikkitavi 0.20

  • Wikkitikkitavi 0.5


References

XF - wikkitikkitavi-include-template(8001)

BID - 3946

SECTRACK - 1003307

MLIST - [tavi-devel] 20020102 "Tavi security advisory


Last Updated: 27 May 2016 10:37:36