CVE-2011-4449

actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:wikkawiki:wikkawiki:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:wikkawiki:wikkawiki:1.3.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-09-05 20:55

Updated : 2024-02-04 18:16


NVD link : CVE-2011-4449

Mitre link : CVE-2011-4449

CVE.ORG link : CVE-2011-4449


JSON object : View

Products Affected

wikkawiki

  • wikkawiki