CyberSec.Space Logo
Back to CVE Browser

CVE-2014-5519

HIGH
7.5
CVSS Severity Score
EPSS Score0.0760%
EPSS Percentile34.72th
PublishedSep 11, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

πŸ“¦
Phpwiki Project

Phpwiki

= 1.5.0

References & Advisories

πŸ”— http://osvdb.org/show/osvdb/110576
πŸ”— http://packetstormsecurity.com/files/128031/PhpWiki-Ploticus-Command-Injection.html
πŸ”— http://seclists.org/fulldisclosure/2014/Aug/77
πŸ”— http://seclists.org/oss-sec/2014/q3/456
πŸ”— http://seclists.org/oss-sec/2014/q3/465
πŸ”— http://secunia.com/advisories/60293
πŸ”— http://www.exploit-db.com/exploits/34451
πŸ”— http://osvdb.org/show/osvdb/110576

Related Vulnerabilities

CVE-2007-319310.0

lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remo...

CVE-2017-79818.8

Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki compon...

CVE-2002-10707.5

Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki user...

CVE-2007-20257.5

Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers t...