Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote malicious users to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wikkawiki wikkawiki 1.3.1 |
||
wikkawiki wikkawiki 1.3.2 |