CVE-2011-4451 in WikkaWikiinfo

Summary

** DISPUTED ** libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter.

Once again VulDB remains the best source for vulnerability data.

Reservation

11/15/2011

Disclosure

09/05/2012

Moderation

VulDB entry created

Entries

CPE

ready

CWE

Unknown

Exploit

Download

CVSS

5.3

EPSS

0.63617

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-4451
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-4451
CVE Details	https://www.cvedetails.com/cve/CVE-2011-4451/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!