CVE-2008-5322

Properties

Published:
02.12.2008
Updated:
05.12.2008
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Product:
easy-script: wysi_wiki_wyg

Vulnerability description

Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function.

References:

MILW0RM: http://www.milw0rm.com/exploits/6042
SECUNIA: http://secunia.com/advisories/31061
MISC: http://packetstormsecurity.org/0810-exploits/wysiwikiwyg-lfixssdisclose.txt