Vulnerability Description
PHP remote file include vulnerability in Yawp library 1.0.6 and earlier, as used in YaWiki and possibly other products, allows remote attackers to include arbitrary files via the _Yawp[conf_path] parameter.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yawp | Yawp | 1.0.0 |
References
- http://phpyawp.com/yawiki/index.php?page=ChangeLog
- http://secunia.com/advisories/16049
- http://www.hardened-php.net/advisory-102005.phpPatchVendor Advisory
- http://www.securityfocus.com/archive/1/404948PatchVendor Advisory
- http://www.securityfocus.com/bid/14237Patch
- http://phpyawp.com/yawiki/index.php?page=ChangeLog
- http://secunia.com/advisories/16049
- http://www.hardened-php.net/advisory-102005.phpPatchVendor Advisory
- http://www.securityfocus.com/archive/1/404948PatchVendor Advisory
- http://www.securityfocus.com/bid/14237Patch
FAQ
What is CVE-2005-2319?
CVE-2005-2319 is a vulnerability with a CVSS score of 5.0 (MEDIUM). PHP remote file include vulnerability in Yawp library 1.0.6 and earlier, as used in YaWiki and possibly other products, allows remote attackers to include arbitrary files via the _Yawp[conf_path] para...
How severe is CVE-2005-2319?
CVE-2005-2319 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2319?
Check the references section above for vendor advisories and patch information. Affected products include: Yawp Yawp.