Skip to content

Sensitive Data: phpwiki 1.5.4 - Cross-Site Scripting/Local File Inclusion¶

Identifier: phpwiki_lfi

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

phpwiki 1.5.4 is vulnerable to cross-site scripting and local file inclusion, and allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint.

Reference:

https://www.exploit-db.com/exploits/38027

Configuration¶

Example¶

Example configuration:

---
security_tests:
  phpwiki_lfi:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.