CVE-2006-4418

critical

Description

Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file.

References

https://www.exploit-db.com/exploits/2252

https://exchange.xforce.ibmcloud.com/vulnerabilities/28555

http://www.vupen.com/english/advisories/2006/3386

http://www.securityfocus.com/bid/19694

http://www.osvdb.org/28177

http://secunia.com/advisories/21542

Details

Source: Mitre, NVD

Published: 2006-08-28

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.08088

Detections

Analytics