PHP remote file include vulnerability in Yawp library 1.0.6 and earlier, as used in YaWiki and possibly other products, allows remote attackers to include arbitrary files via the _Yawp[conf_path] parameter.
| Software | From | Fixed in |
|---|---|---|
| yawp / yawp | 1.0.0 | 1.0.0.x |
| yawp / yawp | 1.0.1 | 1.0.1.x |
| yawp / yawp | 1.0.2 | 1.0.2.x |
| yawp / yawp | 1.0.3 | 1.0.3.x |
| yawp / yawp | 1.0.4 | 1.0.4.x |
| yawp / yawp | 1.0.5 | 1.0.5.x |
| yawp / yawp | 1.0.6 | 1.0.6.x |