CVE-2002-2106

PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 allows remote attackers to execute arbitrary PHP code via the TemplateDir variable, as demonstrated using conflict.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://securitytracker.com/id?1003307	Exploit Patch
http://sourceforge.net/mailarchive/message.php?msg_id=185752	Exploit Vendor Advisory
http://www.securityfocus.com/bid/3946	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/8001
http://securitytracker.com/id?1003307	Exploit Patch
http://sourceforge.net/mailarchive/message.php?msg_id=185752	Exploit Vendor Advisory
http://www.securityfocus.com/bid/3946	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/8001

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:wikkitikkitavi:wikkitikkitavi:0.5:::::::*
	cpe:2.3:a:wikkitikkitavi:wikkitikkitavi:0.10:::::::*
	cpe:2.3:a:wikkitikkitavi:wikkitikkitavi:0.20:::::::*

History

20 Nov 2024, 23:42

Type	Values Removed	Values Added
References	~~() http://securitytracker.com/id?1003307 - Exploit, Patch~~	() http://securitytracker.com/id?1003307 - Exploit, Patch
References	~~() http://sourceforge.net/mailarchive/message.php?msg_id=185752 - Exploit, Vendor Advisory~~	() http://sourceforge.net/mailarchive/message.php?msg_id=185752 - Exploit, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/3946 - Exploit, Patch~~	() http://www.securityfocus.com/bid/3946 - Exploit, Patch
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/8001 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/8001 -

Information

Published : 2002-12-31 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2002-2106

Mitre link : CVE-2002-2106

CVE.ORG link : CVE-2002-2106

JSON object : View

Products Affected

wikkitikkitavi

wikkitikkitavi

CWE

NVD-CWE-Other

{"id": "CVE-2002-2106", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-12-31T05:00:00.000", "references": [{"url": "http://securitytracker.com/id?1003307", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/mailarchive/message.php?msg_id=185752", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3946", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8001", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1003307", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sourceforge.net/mailarchive/message.php?msg_id=185752", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/3946", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8001", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 allows remote attackers to execute arbitrary PHP code via the TemplateDir variable, as demonstrated using conflict.php."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wikkitikkitavi:wikkitikkitavi:0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "344DD114-C6A3-4A0C-BA24-74D7700BFFD7"}, {"criteria": "cpe:2.3:a:wikkitikkitavi:wikkitikkitavi:0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C29967D-4B81-4224-935E-62EE1566F187"}, {"criteria": "cpe:2.3:a:wikkitikkitavi:wikkitikkitavi:0.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E0FADC1-BA13-4FA8-8792-46E1A04C20F7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}