Sensitive Data: phpwiki 1.5.4 - Cross-Site Scripting/Local File Inclusion

Identifier: phpwiki_lfi

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

phpwiki 1.5.4 is vulnerable to cross-site scripting and local file inclusion, allowing remote unauthenticated attackers to include and return the content of locally stored files via the index.php endpoint.

How we test: We test for local file inclusion vulnerabilities in phpwiki by injecting file path payloads into the index.php endpoint and analyzing responses to detect if local files can be included and their contents exposed.

Reference:

Configuration

Example

Example configuration:

---
security_tests:
  phpwiki_lfi:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.