CVE-2013-7448

Name: CVE-2013-7448
Description: Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-424-1, DSA-3485-1
NVD severity: medium (attack range: remote)
Debian Bugs: 815111

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| didiwiki (PTS) | wheezy, wheezy (security) | 0.5-11+deb7u2 | fixed |
| | jessie (security), jessie | 0.5-11+deb8u2 | fixed |
| | buster, sid, stretch | 0.5-13 | fixed |

The information below is based on the following data on fixed versions.

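| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| didiwiki | source | (unstable) | 0.5-12 | medium | | 815111 |
| didiwiki | source | jessie | 0.5-11+deb8u1 | medium | DSA-3485-1 | |
| didiwiki | source | squeeze | 0.5-9+deb6u1 | medium | DLA-424-1 | |
| didiwiki | source | wheezy | 0.5-11+deb7u1 | medium | DSA-3485-1 | |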

Notes

https://github.com/OpenedHand/didiwiki/pull/1/files
http://www.openwall.com/lists/oss-security/2016/02/19/4
