CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-3193

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1610%
EPSS Percentile29.02th
Published2007年6月12日
Last Modified2026年4月23日

Vulnerability Description

lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.

Affected Platforms (CPE)

📦
Phpwiki

Phpwiki

<= 1.3.13

References & Advisories

🔗 http://osvdb.org/37219
🔗 http://secunia.com/advisories/25595
🔗 http://secunia.com/advisories/26784
🔗 http://secunia.com/advisories/26880
🔗 http://security.gentoo.org/glsa/glsa-200709-10.xml
🔗 http://sourceforge.net/project/shownotes.php?release_id=514820
🔗 http://sourceforge.net/tracker/index.php?func=detail&aid=1732882&group_id=6121&atid=106121
🔗 http://www.debian.org/security/2007/dsa-1371

関連する脆弱性情報

CVE-2017-79818.8

Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki compon...

CVE-2002-10707.5

Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki user...

CVE-2007-20257.5

Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers t...

CVE-2014-55197.5

The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option...