Vulnerabilities > CVE-2002-2106 - Remote File Include vulnerability in Wikkitikkitavi 0.10/0.20/0.5

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

wikkitikkitavi

exploit available

NVD

Published: 2002-12-31

Updated: 2017-12-19

Summary

PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 allows remote attackers to execute arbitrary PHP code via the TemplateDir variable, as demonstrated using conflict.php.

Vulnerable Configurations

Part	Description	Count
Application	Wikkitikkitavi Wikkitikkitavi Wikkitikkitavi 0.5 Wikkitikkitavi Wikkitikkitavi 0.10 Wikkitikkitavi Wikkitikkitavi 0.20	3

Exploit-Db

description	WikkiTikkiTavi 0.x Remote File Include Vulnerability. CVE-2002-2106. Webapps exploit for php platform
id	EDB-ID:21241
last seen	2016-02-02
modified	2002-01-02
published	2002-01-02
reporter	Scott Moonen
source	https://www.exploit-db.com/download/21241/
title	WikkiTikkiTavi 0.x - Remote File Include Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References