Yawp _Yawp[conf_path] Variable Remote File Inclusion

2005-07-12T07:39:22
ID OSVDB:17851
Type osvdb
Reporter OSVDB
Modified 2005-07-12T07:39:22

Description

Technical Description

This can only be exploited if the 'register_globals' and 'allow_url_fopen' PHP options are set to 'on'.

Solution Description

Upgrade to version 1.1.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://phpyawp.com/yawiki/ Secunia Advisory ID:16049 Other Advisory URL: http://www.hardened-php.net/advisory-102005.php Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0224.html CVE-2005-2319 Bugtraq ID: 14237