Vulnerability Description
Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function.
CVSS Score
7.8
HIGH
AV:N/AC:L/Au:N/C:C/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Easy-Script | Wysi Wiki Wyg | 1.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.org/0810-exploits/wysiwikiwyg-lfixssdisclose.txtExploit
- http://secunia.com/advisories/31061
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47105
- https://www.exploit-db.com/exploits/6042
- http://packetstormsecurity.org/0810-exploits/wysiwikiwyg-lfixssdisclose.txtExploit
- http://secunia.com/advisories/31061
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47105
- https://www.exploit-db.com/exploits/6042
FAQ
What is CVE-2008-5322?
CVE-2008-5322 is a vulnerability with a CVSS score of 7.8 (HIGH). Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function.
How severe is CVE-2008-5322?
CVE-2008-5322 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5322?
Check the references section above for vendor advisories and patch information. Affected products include: Easy-Script Wysi Wiki Wyg.