Local File Inclusion

2019-03-2705:02:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.719 High

EPSS

Percentile

98.1%

JSON

jspwiki-main is vulnerable to local file inclusion. An attacker is able to retrieve registered user details using a malicious URL to access files under the ROOT directory.

CPENameOperatorVersion
apache jspwiki main jareq2.11.0.M1

CPE	Name	Operator	Version
	apache jspwiki main jar	eq	2.11.0.M1

References

www.openwall.com/lists/oss-security/2019/03/26/2

www.securityfocus.com/bid/107627

github.com/apache/jspwiki/commit/b6bf6192f634eb3bf2c9d060d07fd1e0e0cdc2ca

jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225

lists.apache.org/thread.html/03ddbcb1d6322e04734e65805a147a32bcfdb71b8fc5821fb046ba8d@%3Cannounce.apache.org%3E

lists.apache.org/thread.html/4f19fdbd8b9c4caf6137a459d723f4ec60379b033ed69277eb4e0af9@%3Cuser.jspwiki.apache.org%3E

lists.apache.org/thread.html/6251c06cb11e0b495066be73856592dbd7ed712487ef283d10972831@%3Cdev.jspwiki.apache.org%3E

lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E

lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E

0.719 High

EPSS

Percentile

98.1%

JSON

Related for VERACODE:13549