CVE-2007-3193

Related Files

Gentoo Linux Security Advisory 200709-10

Posted Sep 19, 2007

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200709-10 - The PhpWiki development team reported an authentication error within the file lib/WikiUser/LDAP.php when binding to an LDAP server with an empty password. Versions less than 1.3.14 are affected.

tags | advisory, php

systems | linux, gentoo

advisories | CVE-2007-3193

SHA-256 | 481695bb332d9ad6c74b9e42a789f7db19404d4cbc313722f20006286717d8ba

Download | Favorite | View

Debian Linux Security Advisory 1371-1

Posted Sep 11, 2007

Authored by Debian | Site debian.org

Debian Security Advisory 1371-1 - Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP. It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads. It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads. If the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, phpWiki might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.

tags | advisory, remote, php, vulnerability, file upload

systems | linux, debian

advisories | CVE-2007-2024, CVE-2007-2025, CVE-2007-3193

SHA-256 | b7b01d7f2a959335ad4e537ebb5fba440c7f535ac3481c32a0333098d6941ddf

Download | Favorite | View