Wikkawiki

wikkawiki

13 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (13)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-5586 1Wikkawiki 1Wikkawiki Apr 29, 2026 Sep 25, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/.
CVE-2011-4452 1Wikkawiki 1Wikkawiki Apr 29, 2026 Sep 5, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user acco...Show more Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action.Show less
CVE-2011-4451 1Wikkawiki 1Wikkawiki Apr 29, 2026 Sep 5, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment req...Show more libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreterShow less
CVE-2011-4450 1Wikkawiki 1Wikkawiki Apr 29, 2026 Sep 5, 2012 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demons...Show more Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action.Show less
CVE-2011-4449 1Wikkawiki 1Wikkawiki Apr 29, 2026 Sep 5, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier...Show more actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.Show less
CVE-2011-4448 1Wikkawiki 1Wikkawiki Apr 29, 2026 Sep 5, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.
CVE-2007-2613 1Wikkawiki 1Wikkawiki Apr 23, 2026 May 11, 2007 N/A· v4 N/A· v3 8.3 HIGH· v2 WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable.
CVE-2007-2612 1Wikkawiki 1Wikkawiki Apr 23, 2026 May 11, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a "modifie...Show more SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a "modified installation."Show less
CVE-2007-2552 1Wikkawiki 1Wikkawiki Apr 23, 2026 May 9, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds.
CVE-2007-2551 1Wikkawiki 1Wikkawiki Apr 23, 2026 May 9, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2006-7050 1Wikkawiki 1Wikkawiki Apr 23, 2026 Feb 24, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in for...Show more Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php.Show less
CVE-2006-7049 1Wikkawiki 1Wikkawiki Apr 23, 2026 Feb 24, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary P...Show more The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.Show less
CVE-2005-4255 1Wikkawiki 1Wikkawiki Apr 16, 2026 Dec 15, 2005 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter.