CVE-2006-4418

Wikepage - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Hessam-x · perlwebappsphp

https://www.exploit-db.com/exploits/2252

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/28555

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/2252

[Third Party Advisory, VDB Entry] http://www.osvdb.org/28177

[Vendor Advisory] http://secunia.com/advisories/21542

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/3386

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/19694

Scores

EPSS 0.1241

EPSS Percentile 93.9%

Details

Status published

Products (2)

wikepage/wikepage 2006.2

wikepage/wikepage 2006.2a

Published Aug 28, 2006

Tracked Since Feb 18, 2026