CVE-2011-4448
Published 2012-09-05
CVE-2011-4448: SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via…
Priority: P347 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.94% (77.6th percentile)
SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wikkawiki | wikkawiki | — | — |
| wikkawiki | wikkawiki | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 2.6 LOW
GHSA
GHSA-rr3p-9587-qg5m: SQL injection vulnerability in actions/usersettings/usersettings
ghsa_unreviewed·2022-05-17
CVE-2011-4448 [HIGH] CWE-89 GHSA-rr3p-9587-qg5m: SQL injection vulnerability in actions/usersettings/usersettings
SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.
Red Hat
OpenJDK DNS cache poisoning by untrusted applets (6981922)
vendor_redhat·2011-02-15·CVSS 2.6
CVE-2010-4448 [LOW] OpenJDK DNS cache poisoning by untrusted applets (6981922)
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets."
No detection rules found.
Published: 2012-09-05