CVE-2011-4449 - Unspecified vulnerability in WikkaWiki 1.3.1/1.3.2
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-Db
description: WikkaWiki 1.3.2 Spam Logging PHP Injection. CVE-2011-4449. Webapps exploit for php platform
id: EDB-ID:18865
last seen: 2016-02-02
modified: 2012-05-12
published: 2012-05-12
reporter: metasploit
source: https://www.exploit-db.com/download/18865/
title: WikkaWiki 1.3.2 Spam Logging PHP Injection

description: WikkaWiki <= 1.3.2 - Multiple Security Vulnerabilities. CVE-2011-4448,CVE-2011-4449,CVE-2011-4450,CVE-2011-4451,CVE-2011-4452. Webapps exploit for php pla...
id: EDB-ID:18177
last seen: 2016-02-02
modified: 2011-11-30
published: 2011-11-30
reporter: EgiX
source: https://www.exploit-db.com/download/18177/
title: WikkaWiki <= 1.3.2 - Multiple Security Vulnerabilities
Packetstorm
data source: https://packetstormsecurity.com/files/download/107405/wikkawiki-sqlshellexec.txt
id: PACKETSTORM:107405
last seen: 2016-12-05
published: 2011-11-30
reporter: EgiX
source: https://packetstormsecurity.com/files/107405/WikkaWiki-1.3.2-Code-Execution-Shell-Upload-SQL-Injection.html
title: WikkaWiki 1.3.2 Code Execution / Shell Upload / SQL Injection

data source: https://packetstormsecurity.com/files/download/112633/wikka_spam_exec.rb.txt
id: PACKETSTORM:112633
last seen: 2016-12-05
published: 2012-05-11
reporter: EgiX
source: https://packetstormsecurity.com/files/112633/WikkaWiki-1.3.2-Spam-Logging-PHP-Injection.html
title: WikkaWiki 1.3.2 Spam Logging PHP Injection
Seebug
bulletinFamily: exploit
description: No description provided by source.
id: SSV:24270
last seen: 2017-11-19
modified: 2011-12-01
published: 2011-12-01
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-24270
title: WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities

bulletinFamily: exploit
description: No description provided by source.
id: SSV:72373
last seen: 2017-11-19
modified: 2014-07-01
published: 2014-07-01
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-72373
title: WikkaWiki <= 1.3.2 - Multiple Security Vulnerabilities