Lucene search
Copyright (C) 2011 Greenbone AGOPENVAS:1361412562310103350HistoryDec 01, 2011 - 12:00 a.m.
WikkaWiki Multiple Security Vulnerabilities
2011-12-0100:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
156
7.7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.016 Low
EPSS
Percentile
87.4%
WikkaWiki is prone to multiple security vulnerabilities, including:
-
An SQL injection vulnerability.
-
An arbitrary file upload vulnerability.
-
An arbitrary file deletion vulnerability.
-
An arbitrary file download vulnerability.
-
A PHP code injection vulnerability.
# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.103350");
script_cve_id("CVE-2011-4448", "CVE-2011-4449", "CVE-2011-4450", "CVE-2011-4451");
script_version("2023-12-13T05:05:23+0000");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("WikkaWiki Multiple Security Vulnerabilities");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50866");
script_xref(name:"URL", value:"http://www.securityfocus.com/archive/1/520687");
script_tag(name:"last_modification", value:"2023-12-13 05:05:23 +0000 (Wed, 13 Dec 2023)");
script_tag(name:"creation_date", value:"2011-12-01 11:51:48 +0100 (Thu, 01 Dec 2011)");
script_tag(name:"qod_type", value:"remote_vul");
script_category(ACT_ATTACK);
script_family("Web application abuses");
script_copyright("Copyright (C) 2011 Greenbone AG");
script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl", "DDI_Directory_Scanner.nasl", "gb_php_http_detect.nasl", "global_settings.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
script_tag(name:"summary", value:"WikkaWiki is prone to multiple security vulnerabilities, including:
- An SQL injection vulnerability.
- An arbitrary file upload vulnerability.
- An arbitrary file deletion vulnerability.
- An arbitrary file download vulnerability.
- A PHP code injection vulnerability.");
script_tag(name:"impact", value:"Attackers can exploit these issues to modify the logic of SQL queries.
Upload, delete, or download arbitrary files, or inject and execute arbitrary PHP code in the context of
the affected application. Other attacks may also be possible.");
script_tag(name:"affected", value:"WikkaWiki 1.3.2 and prior versions are vulnerable.");
script_tag(name:"solution", value:"No known solution was made available for at least one year since
the disclosure of this vulnerability. Likely none will be provided anymore. General solution options
are to upgrade to a newer release, disable respective features, remove the product or replace the
product by another one.");
script_tag(name:"solution_type", value:"WillNotFix");
exit(0);
}
include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");
port = http_get_port( default:80 );
if( ! http_can_host_php( port:port ) ) exit( 0 );
foreach dir( make_list_unique( "/wikka", "/wikki", http_cgi_dirs( port:port ) ) ) {
if( dir == "/" ) dir = "";
buf = http_get_cache(item:dir + "/index.php", port:port);
if(!buf || "Location: wikka.php" >!< buf)
continue;
url = string(dir, "/test/files.xml?action=download&file=/../../wikka.config.php");
if( http_vuln_check( port:port, url:url, pattern:"mysql_host", extra_check:make_list( "mysql_database", "mysql_user", "mysql_password" ) ) ) {
report = http_report_vuln_url( port:port, url:url );
security_message( port:port, data:report );
exit( 0 );
}
}
exit( 99 );
Related
openvas
openvas
WikkaWiki Multiple Security Vulnerabilities
2011-12-01 00:00:00
Zenphoto <= 1.4.2 Multiple Vulnerabilities - Active Check
2012-02-09 00:00:00
Zenphoto Multiple Security Vulnerabilities
2012-02-09 00:00:00
packetstorm
packetstorm
WikkaWiki 1.3.2 Code Execution / Shell Upload / SQL Injection
2011-11-30 00:00:00
WikkaWiki 1.3.2 Spam Logging PHP Injection
2012-05-11 00:00:00
seebug
seebug
WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities
2011-12-01 00:00:00
WikkaWiki <= 1.3.2 - Multiple Security Vulnerabilities
2014-07-01 00:00:00
exploitpack
exploitpack
WikkaWiki 1.3.2 - Multiple Vulnerabilities
2011-11-30 00:00:00
securityvulns
securityvulns
WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities
2011-12-04 00:00:00
exploitdb
exploitdb
WikkaWiki 1.3.2 - Multiple Vulnerabilities
2011-11-30 00:00:00
dsquare
dsquare
WikkaWiki 1.3.1 SQL Injection
2013-01-20 00:00:00
prion
prion
Design/Logic Flaw
2012-09-05 20:55:00
Sql injection
2012-09-05 20:55:00
Code injection
2012-09-05 20:55:00
cve
cve
checkpoint_advisories
checkpoint_advisories
WikkaWiki Spam Logging PHP Injection (CVE-2011-4449)
2013-11-04 00:00:00
7.7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.016 Low
EPSS
Percentile
87.4%
Related for OPENVAS:1361412562310103350