CVE-2005-2319

critical

Description

PHP remote file include vulnerability in Yawp library 1.0.6 and earlier, as used in YaWiki and possibly other products, allows remote attackers to include arbitrary files via the _Yawp[conf_path] parameter.

References

http://www.securityfocus.com/bid/14237

http://www.securityfocus.com/archive/1/404948

http://www.hardened-php.net/advisory-102005.php

http://secunia.com/advisories/16049

http://phpyawp.com/yawiki/index.php?page=ChangeLog

Details

Source: Mitre, NVD

Published: 2005-07-19

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00524