CVE-2008-6423
PassWiki (passwiki.php) is vulnerable to a directory traversal / local file inclusion via the site_id parameter, affecting versions up to 0.9.16 RC3 and 0.9.17 and earlier. The root cause is unsanitized user input in site_id, enabling reading arbitrary local files. Exploitation details and active...