Phpwiki : Security Vulnerabilities, CVEs,
lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.
Max CVSS
10.0
EPSS Score
1.58%
Published
2007-06-12
Updated
2017-07-29
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
Max CVSS
7.5
EPSS Score
1.90%
Published
2007-04-13
Updated
2008-09-05
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension.
Max CVSS
6.8
EPSS Score
2.21%
Published
2007-04-13
Updated
2018-10-16
3 vulnerabilities found