Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wikkawiki wikkawiki 1.3.2 vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2011-4448
SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote malicious users to execute arbitrary SQL commands via the default_comment_display parameter in an update action.
Wikkawiki Wikkawiki 1.3.1
Wikkawiki Wikkawiki 1.3.2
1 EDB exploit
690
VMScore
CVE-2011-4449
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote malicious users to execute arbitrary PHP code by ...
Wikkawiki Wikkawiki 1.3.2
Wikkawiki Wikkawiki 1.3.1
2 EDB exploits
685
VMScore
CVE-2011-4452
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote malicious users to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{i...
Wikkawiki Wikkawiki 1.3.2
Wikkawiki Wikkawiki 1.3.1
1 EDB exploit
645
VMScore
CVE-2011-4450
Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote malicious users to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a do...
Wikkawiki Wikkawiki 1.3.1
Wikkawiki Wikkawiki 1.3.2
1 EDB exploit
435
VMScore
CVE-2011-4451
libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote malicious users to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the...
Wikkawiki Wikkawiki 1.3.2
Wikkawiki Wikkawiki 1.3.1
1 EDB exploit
383
VMScore
CVE-2013-5586
Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki prior to 1.3.4-p1 allows remote malicious users to inject arbitrary web script or HTML via the wakka parameter to sql/.
Wikkawiki Wikkawiki 1.1.5.3
Wikkawiki Wikkawiki 1.1.5.2
Wikkawiki Wikkawiki 1.1.5.1
Wikkawiki Wikkawiki 1.1.3.5
Wikkawiki Wikkawiki 1.1.3.4
Wikkawiki Wikkawiki 1.0.6
Wikkawiki Wikkawiki 1.0.5
Wikkawiki Wikkawiki 1.1.6.5
Wikkawiki Wikkawiki 1.1.6.6
Wikkawiki Wikkawiki 1.1.6.2
Wikkawiki Wikkawiki 1.1.6.1
Wikkawiki Wikkawiki 1.1.3.9
Wikkawiki Wikkawiki 1.1.3.8
Wikkawiki Wikkawiki 1.1.3.1
Wikkawiki Wikkawiki 1.1.3
Wikkawiki Wikkawiki 1.1.6.0
Wikkawiki Wikkawiki 1.1.5.4
Wikkawiki Wikkawiki 1.1.3.7
Wikkawiki Wikkawiki 1.1.3.6
Wikkawiki Wikkawiki 1.1.2
Wikkawiki Wikkawiki 1.1.0
Wikkawiki Wikkawiki 1.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started