CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the defaultcommentdisplay parameter in an update action...

7.5CVSS8.7AI score0.00206EPSS

Exploits7References1

RedhatCVE•added 2025/05/22 4:46 a.m.•6 views

CVE-2011-4451

libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spamlogging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlogpath file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the...

4.3CVSS7.3AI score0.63617EPSS

Exploits8References1

RedhatCVE•added 2025/05/22 4:46 a.m.•5 views

CVE-2011-4452

Cross-site request forgery CSRF vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an image action...

6.8CVSS7.5AI score0.0017EPSS

Exploits6References1

RedhatCVE•added 2025/05/22 1:2 a.m.•3 views

CVE-2011-4450

Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. dot dot in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action...

6.4CVSS6.9AI score0.04702EPSS

Exploits7References1

RedhatCVE•added 2025/05/22 1:2 a.m.•6 views

CVE-2011-4449

actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANETMODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a...

6.8CVSS7.8AI score0.04528EPSS

Exploits11References1

seebug.org•added 2014/07/01 12:0 a.m.•9878 views

WikkaWiki 1.3.2 Spam Logging PHP Injection

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

7.1AI score0.04528EPSS

Exploits11

seebug.org•added 2014/07/01 12:0 a.m.•14 views

WikkaWiki 1.1.6 TextSearch.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15860/info WikkaWiki is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scri...

7.1AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•5494 views

WikkaWiki <= 1.3.2 - Multiple Security Vulnerabilities

No description provided by source. ---------------------------------------------------- WikkaWiki = 1.3.2 Multiple Security Vulnerabilities ---------------------------------------------------- author............: Egidio Romano aka EgiX mail..............: n0b0d13satgmaildotcom software link.....:...

7.5CVSS6.4AI score0.63617EPSS

Exploits17

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by