PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 allows remote attackers to execute arbitrary PHP code via the TemplateDir variable, as demonstrated using conflict.php.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wikkitikkitavi | wikkitikkitavi | 0.10 |
| wikkitikkitavi | wikkitikkitavi | 0.20 |
| wikkitikkitavi | wikkitikkitavi | 0.5 |