CVE-2008-1884

2008-04-18 17:05:00 2017-08-08 03:30:33

Directory traversal vulnerability in index.php in Wikepage Opus 13 2007.2 allows remote attackers to read arbitrary files via directory traversal sequences in the wiki parameter, a different vector than CVE-2006-4418.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Wikepage Opus 13 2007.2 (not an official CPE)

Wikepage - Opus

Advisory	Patch	Confirmed	Link
			wikepage-index-multiple-file-include(41688)
			28664
			20080407 Wikepage Opus 13 2007.2 Directory Traversal Vul...

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (ID 22)

Related CAPEC 7 Relative Path Traversal (CAPEC-ID 139) Directory Traversal (CAPEC-ID 213) File System Function Injection, Content Based (CAPEC-ID 23) Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64) Manipulating Input to File System Calls (CAPEC-ID 76) Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78) Using Slashes in Alternate Encoding (CAPEC-ID 79)

Related CVE(s) 1 CVE-2006-4418 CVSS 4