Vulnerabilities > CVE-2005-2319 - Remote File Include vulnerability in Yawp Conf_Path

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

yawp

NVD

Published: 2005-07-19

Updated: 2008-09-05

Summary

PHP remote file include vulnerability in Yawp library 1.0.6 and earlier, as used in YaWiki and possibly other products, allows remote attackers to include arbitrary files via the _Yawp[conf_path] parameter.

Vulnerable Configurations

Part	Description	Count
Application	Yawp Yawp Yawp 1.0.0 Yawp Yawp 1.0.1 Yawp Yawp 1.0.2 Yawp Yawp 1.0.3 Yawp Yawp 1.0.4 Yawp Yawp 1.0.5 Yawp Yawp 1.0.6	7

References

http://phpyawp.com/yawiki/index.php?page=ChangeLog
http://secunia.com/advisories/16049
http://www.hardened-php.net/advisory-102005.php
http://www.securityfocus.com/archive/1/404948
http://www.securityfocus.com/bid/14237