← Back

CVE-2011-4449

nvd nist
Published: Sep 5, 2012Modified: Apr 29, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.

Affected (2)

Products: Wikkawiki: Wikkawiki
Wikkawiki
1 product
Wikkawiki
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Wikkawiki
Wikkawiki
Version 1.3.1
Wikkawiki
Version 1.3.2

References (4)

Source: cve@mitre.org
ExploitPatch
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.