Vulnerabilities > Wikkawiki > Wikkawiki > 1.3.1
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-09-25 | CVE-2013-5586 | Cross-Site Scripting vulnerability in Wikkawiki | Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/. | 4.3 |
2012-09-05 | CVE-2011-4452 | Cross-Site Request Forgery (CSRF) vulnerability in Wikkawiki 1.3.1/1.3.2 | Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action. | 6.8 |
2012-09-05 | CVE-2011-4450 | Path Traversal vulnerability in Wikkawiki 1.3.1/1.3.2 | Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. | 6.4 |
2012-09-05 | CVE-2011-4449 | Unspecified vulnerability in Wikkawiki 1.3.1/1.3.2 | actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file. | 6.8 |
2012-09-05 | CVE-2011-4448 | SQL Injection vulnerability in Wikkawiki 1.3.1/1.3.2 | SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action. | 7.5 |