CVE-2002-2106

WikkiTikkiTavi < 0.21 - Remote File Inclusion via TemplateDir Parameter

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-2106. PoCs published by Scott Moonen.

AI-analyzed exploit summary This is a writeup describing a remote file inclusion vulnerability in WikkiTikkiTavi. The vulnerability allows an attacker to include and execute arbitrary PHP scripts from a remote host via a malicious URL request.

Description

PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 allows remote attackers to execute arbitrary PHP code via the TemplateDir variable, as demonstrated using conflict.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Scott Moonen · textwebappsphp
https://www.exploit-db.com/exploits/21241

This is a writeup describing a remote file inclusion vulnerability in WikkiTikkiTavi. The vulnerability allows an attacker to include and execute arbitrary PHP scripts from a remote host via a malicious URL request.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WikkiTikkiTavi (version not specified)
No auth needed
Prerequisites: Access to the target web server · Ability to host a malicious PHP script on a remote server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3946
Exploit, Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1003307
Exploit, Vendor Advisory mailing-list x_refsource_mlist
http://sourceforge.net/mailarchive/message.php?msg_id=185752
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/8001

Scores

EPSS 0.0269
EPSS Percentile 84.1%

Details

Status published
Products (3)
wikkitikkitavi/wikkitikkitavi 0.5
wikkitikkitavi/wikkitikkitavi 0.10
wikkitikkitavi/wikkitikkitavi 0.20
Published Dec 31, 2002
Tracked Since Feb 18, 2026