CVE-2011-4449
Published 2012-09-05
Priority: P3 · 45 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.14% (89.6th percentile)
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wikkawiki | wikkawiki | — | — |
| wikkawiki | wikkawiki | — | — |
No detection rules found.
Exploit-DB
WikkaWiki 1.3.2 - Spam Logging PHP Injection (Metasploit)
exploitdb·2012-05-12
CVE-2011-4449 WikkaWiki 1.3.2 - Spam Logging PHP Injection (Metasploit)
---
```ruby
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 "WikkaWiki 1.3.2 Spam Logging PHP Injection",
'Description' => %q{
This module exploits a vulnerability found in WikkaWiki. When the spam logging
feature is enabled, it is possible to inject PHP code into the spam log file via the
UserAgent header , and then request it to execute our payload. There are at least
three different ways to trigger spam protection, this module does so by generating
10 fake URLs in a comment (by default, the ma
```
Exploit-DB
WikkaWiki 1.3.2 - Multiple Vulnerabilities
exploitdb·2011-11-30·CVSS 7.5
CVE-2011-4452 [HIGH] WikkaWiki 1.3.2 - Multiple Vulnerabilities
---
WikkaWiki
```php
Query("
    UPDATE ".$this->GetConfigValue('table_prefix')."users
    SET email = '".mysql_real_escape_string($email)."',
    doubleclickedit = '".mysql_real_escape_string($doubleclickedit)."',
    show_comments = '".mysql_real_escape_string($show_comments)."',
    default_comment_display = '".$default_comment_display."',
    revisioncount = ".$revisioncount.",
    changescount = ".$changescount.",
    theme = '".mysql_real_escape_string($usertheme)."'
    WHERE name = '".$user['name']."'
    LIMIT 1"
);
```
When handling the 'update' action, 'default_comment_display' is the only parameter that isn't sanitized with mysql_real_escape_string(); this can be exploited to inject arbitrary SQL code. Because of this is a multiple
No writeups or analysis indexed.