Sensitive Data: phpwiki 1.5.4 - Cross-Site Scripting/Local File Inclusion¶

Identifier: phpwiki_lfi

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

phpwiki 1.5.4 is vulnerable to cross-site scripting and local file inclusion, and allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint.

Reference:

https://www.exploit-db.com/exploits/38027

Configuration¶

Example¶

Example configuration:

---
security_tests:
  phpwiki_lfi:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`skip`¶

Type : boolean

Skip the test if true.