CVE-2011-4452
published 2012-09-05CVE-2011-4452: Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication…
PriorityP433medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
2.31%
81.3th percentile
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wikkawiki | wikkawiki | — | — |
| wikkawiki | wikkawiki | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
WikkaWiki 1.3.2 - Multiple Vulnerabilities
exploitdb·2011-11-30·CVSS 7.5
CVE-2011-4452 [HIGH] WikkaWiki 1.3.2 - Multiple Vulnerabilities
WikkaWiki 1.3.2 - Multiple Vulnerabilities
---
WikkaWiki Query("
142. UPDATE ".$this->GetConfigValue('table_prefix')."users
143. SET email = '".mysql_real_escape_string($email)."',
144. doubleclickedit = '".mysql_real_escape_string($doubleclickedit)."',
145. show_comments = '".mysql_real_escape_string($show_comments)."',
146. default_comment_display = '".$default_comment_display."',
147. revisioncount = ".$revisioncount.",
148. changescount = ".$changescount.",
149. theme = '".mysql_real_escape_string($usertheme)."'
150. WHERE name = '".$user['name']."'
151. LIMIT 1"
152. );
When handling 'update' action, 'default_comment_display' is the only parameter that isn't sanitized with
mysql_real_escape_string(), this can be exploited to inject arbitrary SQL code. Because of this is a multiple
Exploit-DB
Sun Java Applet2ClassLoader - Remote Code Execution (Metasploit)
exploitdb·2011-03-16
CVE-2010-4452 Sun Java Applet2ClassLoader - Remote Code Execution (Metasploit)
Sun Java Applet2ClassLoader - Remote Code Execution (Metasploit)
---
##
# $Id: java_codebase_trust.rb 11983 2011-03-16 05:01:29Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'rex'
class Metasploit3 'Sun Java Applet2ClassLoader Remote Code Execution Exploit',
'Description' => %q{
This module exploits a vulnerability in Java Runtime Environment
that allows an attacker to escape the Java Sandbox. By supplying a
codebase that points at a trusted directory and a code that is a URL that
does not contain an dots an applet can run without the sandb
http://wush.net/trac/wikka/changeset/1819http://wush.net/trac/wikka/changeset/1832http://wush.net/trac/wikka/ticket/1097http://wush.net/trac/wikka/ticket/1098http://wush.net/trac/wikka/changeset/1819http://wush.net/trac/wikka/changeset/1832http://wush.net/trac/wikka/ticket/1097http://wush.net/trac/wikka/ticket/1098
2012-09-05
Published