CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2011-4449

actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.045

EPSS Ranking 88.7%

CVSS Severity

CVSS v2 Score 6.8

References

http://wush.net/trac/wikka/changeset/1822
http://wush.net/trac/wikka/ticket/1097
http://wush.net/trac/wikka/changeset/1822
http://wush.net/trac/wikka/ticket/1097

Products affected by CVE-2011-4449

Wikkawiki » Wikkawiki » Version: 1.3.1

cpe:2.3:a:wikkawiki:wikkawiki:1.3.1
Wikkawiki » Wikkawiki » Version: 1.3.2

cpe:2.3:a:wikkawiki:wikkawiki:1.3.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-4449

Products

Pricing

Contact Us