Candidate: CVE-2013-7448
PublicDate: 2016-02-23 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7448
 https://github.com/OpenedHand/didiwiki/pull/1/files
 http://www.openwall.com/lists/oss-security/2016/02/19/4
Description:
 Directory traversal vulnerability in wiki.c in didiwiki allows remote
 attackers to read arbitrary files via the page parameter to api/page/get.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815111
Priority: medium
Discovered-by: Alexander Izmailov
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_didiwiki:
 upstream: https://github.com/OpenedHand/didiwiki/pull/1/files
upstream_didiwiki: released (0.5-12)
precise_didiwiki: released (0.5-9+deb6u1build0.12.04.1)
trusty_didiwiki: released (0.5-11+deb8u1build0.14.04.1)
trusty/esm_didiwiki: DNE (trusty was released [0.5-11+deb8u1build0.14.04.1])
vivid/stable-phone-overlay_didiwiki: DNE
vivid/ubuntu-core_didiwiki: DNE
wily_didiwiki: released (0.5-11+deb8u1build0.15.10.1)
devel_didiwiki: not-affected (0.5-12)