Phpwiki Project Phpwiki vulnerabilities
2 known vulnerabilities affecting phpwiki_project/phpwiki.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2014-5519P2HIGHCVSS 7.5PoCv1.5.02014-09-11
CVE-2014-5519 [HIGH] CWE-94 CVE-2014-5519: The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell met
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party information.
nvd
CVE-2017-7981P2HIGHCVSS 8.8PoCv1.3.102017-04-29
CVE-2017-7981 [HIGH] CWE-78 CVE-2017-7981: Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occ
Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap user can control this value, even with shell metacharacters, as demonstrated by
nvd