[Full-disclosure] PmWiki Multiple Vulnerabilities

ascii ascii at katamail.com
Sat Jan 28 20:07:16 GMT 2006


PmWiki Multiple Vulnerabilities

  Name              Multiple Vulnerabilities in PmWiki
  Systems Affected  PmWiki (verified on 2.1 beta 20)
  Severity          Medium Risk
  Vendor            www.pmichaud.com/wiki/PmWiki/PmWiki
  Advisory          http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/
  Author            Francesco "aScii" Ongaro (ascii at katamail . com)
  Date              20060119

NOTE: This works only with REGISTER_GLOBALS ON, on many versions of PHP5
(tested on 5.0.5, 5.1.1, 5.1.2).

This vulnerability defeats PmWiki's global sanitizing code and allows
remote arbitrary file inclusion.

Advisory released on 20060128:
PmWiki Multiple Vulnerabilities
http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/



