CVE-2013-7448

NameCVE-2013-7448
DescriptionDirectory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-424-1, DSA-3485-1
NVD severitymedium
Debian Bugs815111

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
didiwiki (PTS)bookworm, sid, buster, bullseye, stretch0.5-13fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
didiwikisourcesqueeze0.5-9+deb6u1DLA-424-1
didiwikisourcewheezy0.5-11+deb7u1DSA-3485-1
didiwikisourcejessie0.5-11+deb8u1DSA-3485-1
didiwikisource(unstable)0.5-12815111

Notes

https://github.com/OpenedHand/didiwiki/pull/1/files
https://www.openwall.com/lists/oss-security/2016/02/19/4

Search for package or bug name: Reporting problems