Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2011-4449
Last Modified: 07 Sep 2012 12:24:00
Published: 05 Sep 2012 04:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-4449

Summary

actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.

Vulnerable Systems

Application

  • WikkaWiki 1.3.1
  • WikkaWiki 1.3.2


References

CONFIRM - http://wush.net/trac/wikka/ticket/1097

CONFIRM - http://wush.net/trac/wikka/changeset/1822


Last Updated: 27 May 2016 11:00:28