Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.4
CVE Id: CVE-2011-4450
Last Modified: 13 Sep 2012 12:00:00
Published: 05 Sep 2012 04:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-4450

Summary

Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action.

Vulnerable Systems

Application

  • WikkaWiki 1.3.1
  • WikkaWiki 1.3.2


References

CONFIRM - http://wush.net/trac/wikka/ticket/1097

CONFIRM - http://wush.net/trac/wikka/changeset/1828


Last Updated: 27 May 2016 11:00:28