CVE-2011-4451

Published: 05/09/2012 Updated: 11/04/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote malicious users to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter.

Vulnerable Product

wikkawiki wikkawiki 1.3.2

wikkawiki wikkawiki 1.3.1

Exploits

WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities
author: Egidio Romano aka EgiX
mail: n0b0d13s[at]gmail[dot]com
software link: wikkawiki.org/
...

WikkaWiki versions 1.3.2 and below suffer from remote SQL injection, unrestricted file upload, arbitrary file download, arbitrary file deletion, remote code execution and cross site request forgery vulnerabilities ...