Yawp _Yawp[conf_path] Variable Remote File Inclusion

ID OSVDB:17851
Type osvdb
Reporter OSVDB
Modified 2005-07-12T07:39:22


Technical Description

This can only be exploited if the 'register_globals' and 'allow_url_fopen' PHP options are set to 'on'.

Solution Description

Upgrade to version 1.1.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


Vendor URL: http://phpyawp.com/yawiki/ Secunia Advisory ID:16049 Other Advisory URL: http://www.hardened-php.net/advisory-102005.php Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0224.html CVE-2005-2319 Bugtraq ID: 14237