Gentoo Linux Security Advisory GLSA 200709-10 - The PhpWiki development team reported an authentication error within the file lib/WikiUser/LDAP.php when binding to an LDAP server with an empty password. Versions less than 1.3.14 are affected.
481695bb332d9ad6c74b9e42a789f7db19404d4cbc313722f20006286717d8ba
Debian Security Advisory 1371-1 - Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP. It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads. It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads. If the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, phpWiki might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.
b7b01d7f2a959335ad4e537ebb5fba440c7f535ac3481c32a0333098d6941ddf