39 vulnerabilities found for wikkawiki by wikkawiki
FKIE_CVE-2013-5586
Vulnerability from fkie_nvd - Published: 2013-09-25 14:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2C4044-EE06-46E0-B856-C24D44F832A1",
"versionEndIncluding": "1.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8BBFBDDF-340B-42DD-82D5-9F1C97309F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24328754-DB33-4BF2-8095-4B04596F44A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "54A19C50-BE38-44BA-85A9-B7BB21FE0285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0F0807-FF8F-4615-8D90-34B74F06B760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99A2D10A-AEC5-4410-9985-6D1D8D36662E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "485DF165-CBCD-4DDE-A66C-B1314D5D64FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "785DC259-B898-4C53-9A91-C5E2FBAA9D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "823B32E0-2B07-4F95-AD04-E5138545ACF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "195AA77E-3E2E-4FBA-9A72-28A005D14D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7DACC9F6-0A41-4AF2-B9A0-56338AE5DFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A235CF8-BC94-41E9-9108-C9C1E11734FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "20B87DF2-22BD-4DB5-967E-1B481CBD8AC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A3D498AB-447E-40F0-97FB-4E3E53DA3DA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "94AEF8AB-D252-451F-B154-E1959258CF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F01892A2-2E19-452B-865B-617EC339EAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3EFD9553-79A4-4E08-855D-235F3E550961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DA8A33FC-163F-48FE-8EB0-5F77ED6003F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "819C68BB-8524-4255-BDAB-EE6E9F5FF039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1FEDA43A-50DB-4099-854D-90B50F92AFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BBE1816-5DBC-48FE-AF4D-19696E4A971F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "271C7C9A-F265-4D87-B519-EA1E377D9F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76E70D35-6961-49E3-8D59-B1E9BB128A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C63284D6-7EE8-4645-B245-9DEC9A5D43D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6EA7B3-DEA4-47F2-B888-3B0FA3471AA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A20EDAF7-CC5F-4554-A51E-229FFF9BAB2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68D9E066-FB0F-470B-9B7B-7401361F97BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17D503D2-77F1-412C-BD3C-C57B49D67A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B35B9814-5B18-4647-9AED-2ADDC54DBFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EFFEFF07-D385-4C62-892B-4E0267738285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEEEBC0-69E0-4364-BD4E-69B8972B36DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FF229F0E-867C-4CAC-B9FA-B75C8B1BEB3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FE37CAF4-D18F-464E-8241-B80E21DB31DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "76486223-1A52-4C9C-A185-D1D648FD7456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "63F5FD8C-02BB-4208-AEF8-11797376DA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C44D576A-77E7-4E70-9E17-41E96A9A4A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDFFD0D-26FB-4A93-9F67-B0A21D18AA62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/."
},
{
"lang": "es",
"value": "Vulnerabilidad XSS en wikka.php en WikkaWiki anterior a v1.3.4-p1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s del par\u00e1metro \"wakka\" a sql."
}
],
"id": "CVE-2013-5586",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-09-25T14:55:04.663",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0048.html"
},
{
"source": "cve@mitre.org",
"url": "http://docs.wikkawiki.org/WhatsNew134"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/97183"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/123196"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/bugtraq/2013/Sep/47"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54790"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/62325"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87013"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://wush.net/trac/wikka/changeset/1896"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://wush.net/trac/wikka/changeset/1900"
},
{
"source": "cve@mitre.org",
"url": "https://wush.net/trac/wikka/ticket/1152"
},
{
"source": "cve@mitre.org",
"url": "https://wush.net/trac/wikka/ticket/1153"
},
{
"source": "cve@mitre.org",
"url": "https://www.htbridge.com/advisory/HTB23170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.wikkawiki.org/WhatsNew134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/97183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/123196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/bugtraq/2013/Sep/47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/62325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://wush.net/trac/wikka/changeset/1896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://wush.net/trac/wikka/changeset/1900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wush.net/trac/wikka/ticket/1152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wush.net/trac/wikka/ticket/1153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.htbridge.com/advisory/HTB23170"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4451
Vulnerability from fkie_nvd - Published: 2012-09-05 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "63F5FD8C-02BB-4208-AEF8-11797376DA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C44D576A-77E7-4E70-9E17-41E96A9A4A2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter"
},
{
"lang": "es",
"value": "** EN DISPUTA ** libs/Wakka.class.php en WikkaWiki v1.3.1 y v1.3.2, cuando la opci\u00f3n spam_logging est\u00e1 activada, permite a atacantes remotos para escribir c\u00f3digo PHP arbitrario en el archivo spamlog_path a trav\u00e9s de la cabecera User-Agent en un addComment petici\u00f3n. NOTA: el vendedor se opone a esta cuesti\u00f3n, porque nunca la prestaci\u00f3n del archivo spamlog_path utiliza el int\u00e9rprete de PHP."
}
],
"id": "CVE-2011-4451",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-05T20:55:01.240",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://wush.net/trac/wikka/ticket/1098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://wush.net/trac/wikka/ticket/1098"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4452
Vulnerability from fkie_nvd - Published: 2012-09-05 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "63F5FD8C-02BB-4208-AEF8-11797376DA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C44D576A-77E7-4E70-9E17-41E96A9A4A2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en el componente AdminUsers en WikkaWiki v1.3.1 y v1.3.2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores de las peticiones que elimina cuentas de usuario arbitrarios a trav\u00e9s de una operaci\u00f3n de eliminaci\u00f3n, como lo demuestra un acci\u00f3n {{imagen }}."
}
],
"id": "CVE-2011-4452",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-05T20:55:01.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://wush.net/trac/wikka/changeset/1819"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://wush.net/trac/wikka/changeset/1832"
},
{
"source": "cve@mitre.org",
"url": "http://wush.net/trac/wikka/ticket/1097"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://wush.net/trac/wikka/ticket/1098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://wush.net/trac/wikka/changeset/1819"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://wush.net/trac/wikka/changeset/1832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wush.net/trac/wikka/ticket/1097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://wush.net/trac/wikka/ticket/1098"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4449
Vulnerability from fkie_nvd - Published: 2012-09-05 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | http://wush.net/trac/wikka/changeset/1822 | Exploit, Patch |
| cve@mitre.org | http://wush.net/trac/wikka/ticket/1097 | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://wush.net/trac/wikka/changeset/1822 | Exploit, Patch |
| af854a3a-2127-422b-91ae-364da2661108 | http://wush.net/trac/wikka/ticket/1097 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "63F5FD8C-02BB-4208-AEF8-11797376DA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C44D576A-77E7-4E70-9E17-41E96A9A4A2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file."
},
{
"lang": "es",
"value": "El archivo actions/files/files.php en WikkaWiki versiones 1.3.1 y 1.3.2, cuando INTRANET_MODE est\u00e1 habilitado, soporta cargas de archivos para extensiones de archivo que normalmente est\u00e1n ausentes desde un archivo TypesConfig de Apache HTTP Server, lo que le facilita a atacantes remotos ejecutar c\u00f3digo PHP arbitrario mediante la colocaci\u00f3n de este c\u00f3digo en un archivo cuyo nombre tiene varias extensiones, como es demostrado por una archivo (1) .mm o (2) .vpp."
}
],
"id": "CVE-2011-4449",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-05T20:55:01.163",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://wush.net/trac/wikka/changeset/1822"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://wush.net/trac/wikka/changeset/1822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4448
Vulnerability from fkie_nvd - Published: 2012-09-05 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | http://wush.net/trac/wikka/changeset/1820 | Exploit, Patch |
| cve@mitre.org | http://wush.net/trac/wikka/ticket/1097 | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://wush.net/trac/wikka/changeset/1820 | Exploit, Patch |
| af854a3a-2127-422b-91ae-364da2661108 | http://wush.net/trac/wikka/ticket/1097 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "63F5FD8C-02BB-4208-AEF8-11797376DA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C44D576A-77E7-4E70-9E17-41E96A9A4A2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en actions/usersettings/usersettings.php en WikkaWiki v1.3.1 y v1.3.2 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro default_comment_display en una acci\u00f3n de actualizaci\u00f3n."
}
],
"id": "CVE-2011-4448",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-05T20:55:01.083",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://wush.net/trac/wikka/changeset/1820"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://wush.net/trac/wikka/changeset/1820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4450
Vulnerability from fkie_nvd - Published: 2012-09-05 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "63F5FD8C-02BB-4208-AEF8-11797376DA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C44D576A-77E7-4E70-9E17-41E96A9A4A2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action."
},
{
"lang": "es",
"value": "Vulnerabilidad de recorrido de directorio en handlers/files.xml/files.xml.php en WikkaWiki v1.3.1 y v1.3.2 permite a atacantes remotos leer o borrar archivos de su elecci\u00f3n a trav\u00e9s de un non-initial .. (punto punto) en el par\u00e1metro del archivo, como lo demuestra el /../../wikka.config.php en una acci\u00f3n de descarga."
}
],
"id": "CVE-2011-4450",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-05T20:55:01.193",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://wush.net/trac/wikka/changeset/1828"
},
{
"source": "cve@mitre.org",
"url": "http://wush.net/trac/wikka/ticket/1097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://wush.net/trac/wikka/changeset/1828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-2613
Vulnerability from fkie_nvd - Published: 2007-05-11 10:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "796B2289-18DA-4FFD-9FA4-CCF19910BA71",
"versionEndIncluding": "1.1.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable."
},
{
"lang": "es",
"value": "WikkaWiki (Wikka Wiki) versiones anteriores a 1.1.6.3 permite a atacantes remotos en un entorno de servidor virtual compartido, enviar y ejecutar un fichero de configuraci\u00f3n de su elecci\u00f3n modificando la variable de entorno WAKKA_CONFIG."
}
],
"evaluatorSolution": "The vendor has addressed this issue through a product update:\r\nhttp://www.wikkawiki.org/downloads/",
"id": "CVE-2007-2613",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-05-11T10:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35825"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://wush.net/trac/wikka/ticket/98"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://wush.net/trac/wikka/ticket/98"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1725"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-2612
Vulnerability from fkie_nvd - Published: 2007-05-11 10:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a "modified installation."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "796B2289-18DA-4FFD-9FA4-CCF19910BA71",
"versionEndIncluding": "1.1.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a \"modified installation.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en libs/Wakka.class.php de WikkaWiki (Wikka Wiki) before 1.1.6.3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro limit.\r\nNOTA: esta vulnerabilidad solamente se aplica a \"instalaci\u00f3n modificada\"."
}
],
"id": "CVE-2007-2612",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-05-11T10:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35826"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://wush.net/trac/wikka/ticket/383"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://wush.net/trac/wikka/ticket/383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1725"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-2552
Vulnerability from fkie_nvd - Published: 2007-05-09 10:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wikkawiki | wikkawiki | * | |
| wikkawiki | wikkawiki | 1.0.0 | |
| wikkawiki | wikkawiki | 1.0.1 | |
| wikkawiki | wikkawiki | 1.0.2 | |
| wikkawiki | wikkawiki | 1.0.3 | |
| wikkawiki | wikkawiki | 1.0.4 | |
| wikkawiki | wikkawiki | 1.0.5 | |
| wikkawiki | wikkawiki | 1.0.6 | |
| wikkawiki | wikkawiki | 1.1.0 | |
| wikkawiki | wikkawiki | 1.1.2 | |
| wikkawiki | wikkawiki | 1.1.3 | |
| wikkawiki | wikkawiki | 1.1.3.1 | |
| wikkawiki | wikkawiki | 1.1.3.2 | |
| wikkawiki | wikkawiki | 1.1.3.3 | |
| wikkawiki | wikkawiki | 1.1.3.4 | |
| wikkawiki | wikkawiki | 1.1.3.5 | |
| wikkawiki | wikkawiki | 1.1.3.6 | |
| wikkawiki | wikkawiki | 1.1.3.7 | |
| wikkawiki | wikkawiki | 1.1.3.8 | |
| wikkawiki | wikkawiki | 1.1.3.9 | |
| wikkawiki | wikkawiki | 1.1.4.0 | |
| wikkawiki | wikkawiki | 1.1.5.0 | |
| wikkawiki | wikkawiki | 1.1.5.1 | |
| wikkawiki | wikkawiki | 1.1.5.2 | |
| wikkawiki | wikkawiki | 1.1.5.3 | |
| wikkawiki | wikkawiki | 1.1.5.4 | |
| wikkawiki | wikkawiki | 1.1.6.0 | |
| wikkawiki | wikkawiki | 1.1.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "796B2289-18DA-4FFD-9FA4-CCF19910BA71",
"versionEndIncluding": "1.1.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8BBFBDDF-340B-42DD-82D5-9F1C97309F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24328754-DB33-4BF2-8095-4B04596F44A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "54A19C50-BE38-44BA-85A9-B7BB21FE0285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0F0807-FF8F-4615-8D90-34B74F06B760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "99A2D10A-AEC5-4410-9985-6D1D8D36662E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "485DF165-CBCD-4DDE-A66C-B1314D5D64FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "785DC259-B898-4C53-9A91-C5E2FBAA9D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "823B32E0-2B07-4F95-AD04-E5138545ACF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "195AA77E-3E2E-4FBA-9A72-28A005D14D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7DACC9F6-0A41-4AF2-B9A0-56338AE5DFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A235CF8-BC94-41E9-9108-C9C1E11734FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "20B87DF2-22BD-4DB5-967E-1B481CBD8AC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A3D498AB-447E-40F0-97FB-4E3E53DA3DA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "94AEF8AB-D252-451F-B154-E1959258CF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F01892A2-2E19-452B-865B-617EC339EAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3EFD9553-79A4-4E08-855D-235F3E550961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DA8A33FC-163F-48FE-8EB0-5F77ED6003F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "819C68BB-8524-4255-BDAB-EE6E9F5FF039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1FEDA43A-50DB-4099-854D-90B50F92AFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BBE1816-5DBC-48FE-AF4D-19696E4A971F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "271C7C9A-F265-4D87-B519-EA1E377D9F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76E70D35-6961-49E3-8D59-B1E9BB128A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C63284D6-7EE8-4645-B245-9DEC9A5D43D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6EA7B3-DEA4-47F2-B888-3B0FA3471AA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A20EDAF7-CC5F-4554-A51E-229FFF9BAB2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68D9E066-FB0F-470B-9B7B-7401361F97BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17D503D2-77F1-412C-BD3C-C57B49D67A2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds."
},
{
"lang": "es",
"value": "La funci\u00f3n RecentChanges en WikkaWiki (Wikka Wiki) versiones anteriores a la 1.1.6.3 permite a los atacantes remotos obtener los nombres, y posiblemente las notas y fechas de revisi\u00f3n, de las p\u00e1ginas privadas a trav\u00e9s de fuentes RSS."
}
],
"id": "CVE-2007-2552",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-05-09T10:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35827"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25181"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"source": "cve@mitre.org",
"url": "http://wush.net/trac/wikka/ticket/305"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2007-May/001607.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23894"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wush.net/trac/wikka/ticket/305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2007-May/001607.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-2551
Vulnerability from fkie_nvd - Published: 2007-05-09 10:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "796B2289-18DA-4FFD-9FA4-CCF19910BA71",
"versionEndIncluding": "1.1.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en usersettings.php de WikkaWiki (Wikka Wiki) anterior a 1.1.6.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el par\u00e1metro name."
}
],
"id": "CVE-2007-2551",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-05-09T10:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35828"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25181"
},
{
"source": "cve@mitre.org",
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"source": "cve@mitre.org",
"url": "http://wush.net/trac/wikka/ticket/363"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23894"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wush.net/trac/wikka/ticket/363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1725"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-5586 (GCVE-0-2013-5586)
Vulnerability from cvelistv5 – Published: 2013-09-25 14:00 – Updated: 2024-08-06 17:15
Summary
Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wush.net/trac/wikka/ticket/1152"
},
{
"name": "wikkawiki-cve20135586-xss(87013)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87013"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wush.net/trac/wikka/changeset/1896"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123196"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wush.net/trac/wikka/changeset/1900"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Sep/47"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.wikkawiki.org/WhatsNew134"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0048.html"
},
{
"name": "97183",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/97183"
},
{
"name": "62325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62325"
},
{
"name": "54790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54790"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23170"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wush.net/trac/wikka/ticket/1153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wush.net/trac/wikka/ticket/1152"
},
{
"name": "wikkawiki-cve20135586-xss(87013)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87013"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wush.net/trac/wikka/changeset/1896"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123196"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wush.net/trac/wikka/changeset/1900"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Sep/47"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.wikkawiki.org/WhatsNew134"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0048.html"
},
{
"name": "97183",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/97183"
},
{
"name": "62325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62325"
},
{
"name": "54790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54790"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23170"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wush.net/trac/wikka/ticket/1153"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wush.net/trac/wikka/ticket/1152",
"refsource": "CONFIRM",
"url": "https://wush.net/trac/wikka/ticket/1152"
},
{
"name": "wikkawiki-cve20135586-xss(87013)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87013"
},
{
"name": "https://wush.net/trac/wikka/changeset/1896",
"refsource": "CONFIRM",
"url": "https://wush.net/trac/wikka/changeset/1896"
},
{
"name": "http://packetstormsecurity.com/files/123196",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123196"
},
{
"name": "https://wush.net/trac/wikka/changeset/1900",
"refsource": "CONFIRM",
"url": "https://wush.net/trac/wikka/changeset/1900"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Sep/47"
},
{
"name": "http://docs.wikkawiki.org/WhatsNew134",
"refsource": "CONFIRM",
"url": "http://docs.wikkawiki.org/WhatsNew134"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0048.html"
},
{
"name": "97183",
"refsource": "OSVDB",
"url": "http://osvdb.org/97183"
},
{
"name": "62325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62325"
},
{
"name": "54790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54790"
},
{
"name": "https://www.htbridge.com/advisory/HTB23170",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23170"
},
{
"name": "https://wush.net/trac/wikka/ticket/1153",
"refsource": "CONFIRM",
"url": "https://wush.net/trac/wikka/ticket/1153"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5586",
"datePublished": "2013-09-25T14:00:00",
"dateReserved": "2013-08-23T00:00:00",
"dateUpdated": "2024-08-06T17:15:21.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4449 (GCVE-0-2011-4449)
Vulnerability from cvelistv5 – Published: 2012-09-05 20:00 – Updated: 2024-09-16 20:21
Summary
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/changeset/1822"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/changeset/1822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wush.net/trac/wikka/ticket/1097",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/1097"
},
{
"name": "http://wush.net/trac/wikka/changeset/1822",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/changeset/1822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4449",
"datePublished": "2012-09-05T20:00:00Z",
"dateReserved": "2011-11-15T00:00:00Z",
"dateUpdated": "2024-09-16T20:21:27.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4448 (GCVE-0-2011-4448)
Vulnerability from cvelistv5 – Published: 2012-09-05 20:00 – Updated: 2024-09-16 16:44
Summary
SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/changeset/1820"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/changeset/1820"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wush.net/trac/wikka/changeset/1820",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/changeset/1820"
},
{
"name": "http://wush.net/trac/wikka/ticket/1097",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/1097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4448",
"datePublished": "2012-09-05T20:00:00Z",
"dateReserved": "2011-11-15T00:00:00Z",
"dateUpdated": "2024-09-16T16:44:00.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4452 (GCVE-0-2011-4452)
Vulnerability from cvelistv5 – Published: 2012-09-05 20:00 – Updated: 2024-09-16 22:46
Summary
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/changeset/1832"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1098"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/changeset/1819"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/changeset/1832"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/1098"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/changeset/1819"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wush.net/trac/wikka/changeset/1832",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/changeset/1832"
},
{
"name": "http://wush.net/trac/wikka/ticket/1098",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/1098"
},
{
"name": "http://wush.net/trac/wikka/changeset/1819",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/changeset/1819"
},
{
"name": "http://wush.net/trac/wikka/ticket/1097",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/1097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4452",
"datePublished": "2012-09-05T20:00:00Z",
"dateReserved": "2011-11-15T00:00:00Z",
"dateUpdated": "2024-09-16T22:46:47.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4450 (GCVE-0-2011-4450)
Vulnerability from cvelistv5 – Published: 2012-09-05 20:00 – Updated: 2024-09-16 19:51
Summary
Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/changeset/1828"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/changeset/1828"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wush.net/trac/wikka/changeset/1828",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/changeset/1828"
},
{
"name": "http://wush.net/trac/wikka/ticket/1097",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/1097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4450",
"datePublished": "2012-09-05T20:00:00Z",
"dateReserved": "2011-11-15T00:00:00Z",
"dateUpdated": "2024-09-16T19:51:52.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4451 (GCVE-0-2011-4451)
Vulnerability from cvelistv5 – Published: 2012-09-05 20:00 – Updated: 2024-09-16 20:52 – Disputed
Summary
libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
- mitre
References
| URL | Tags |
|---|---|
| http://wush.net/trac/wikka/ticket/1098 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wush.net/trac/wikka/ticket/1098"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wush.net/trac/wikka/ticket/1098",
"refsource": "MISC",
"url": "http://wush.net/trac/wikka/ticket/1098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4451",
"datePublished": "2012-09-05T20:00:00Z",
"dateReserved": "2011-11-15T00:00:00Z",
"dateUpdated": "2024-09-16T20:52:22.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2612 (GCVE-0-2007-2612)
Vulnerability from cvelistv5 – Published: 2007-05-11 10:00 – Updated: 2024-08-07 13:42
Summary
SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a "modified installation."
Severity ?
No CVSS data available.
CWE
- n/a
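Assigner
- mitre
References
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/1725 | vdb-entry, x_refsource_VUPEN |
| http://wush.net/trac/wikka/ticket/383 | x_refsource_CONFIRM |
| http://wikkawiki.org/WikkaReleaseNotes | x_refsource_CONFIRM |
| http://osvdb.org/35826 | vdb-entry, x_refsource_OSVDB |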
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/383"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35826",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35826"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a \"modified installation.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/383"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35826",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35826"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a \"modified installation.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"name": "http://wush.net/trac/wikka/ticket/383",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/383"
},
{
"name": "http://wikkawiki.org/WikkaReleaseNotes",
"refsource": "CONFIRM",
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35826",
"refsource": "OSVDB",
"url": "http://osvdb.org/35826"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2612",
"datePublished": "2007-05-11T10:00:00",
"dateReserved": "2007-05-11T00:00:00",
"dateUpdated": "2024-08-07T13:42:33.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2613 (GCVE-0-2007-2613)
Vulnerability from cvelistv5 – Published: 2007-05-11 10:00 – Updated: 2024-08-07 13:42
Summary
WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable.
Severity ?
No CVSS data available.
CWE
- n/a
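Assigner
- mitre
References
| URL | Tags |
|---|---|
| http://osvdb.org/35825 | vdb-entry, x_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/1725 | vdb-entry, x_refsource_VUPEN |
| http://wikkawiki.org/WikkaReleaseNotes | x_refsource_CONFIRM |
| http://wush.net/trac/wikka/ticket/98 | x_refsource_CONFIRM |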
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35825",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35825"
},
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/98"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35825",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35825"
},
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/98"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35825",
"refsource": "OSVDB",
"url": "http://osvdb.org/35825"
},
{
"name": "ADV-2007-1725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"name": "http://wikkawiki.org/WikkaReleaseNotes",
"refsource": "CONFIRM",
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "http://wush.net/trac/wikka/ticket/98",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/98"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2613",
"datePublished": "2007-05-11T10:00:00",
"dateReserved": "2007-05-11T00:00:00",
"dateUpdated": "2024-08-07T13:42:33.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2551 (GCVE-0-2007-2551)
Vulnerability from cvelistv5 – Published: 2007-05-09 10:00 – Updated: 2024-08-07 13:42
Summary
Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
Severity ?
No CVSS data available.
CWE
- n/a
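Assigner
- mitre
References
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/1725 | vdb-entry, x_refsource_VUPEN |
| http://wikkawiki.org/WikkaReleaseNotes | x_refsource_CONFIRM |
| http://osvdb.org/35828 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/23894 | vdb-entry, x_refsource_BID |
| http://wush.net/trac/wikka/ticket/363 | x_refsource_CONFIRM |
| http://secunia.com/advisories/25181 | third-party-advisory, x_refsource_SECUNIA |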
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35828",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35828"
},
{
"name": "23894",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23894"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/363"
},
{
"name": "25181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25181"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-05-17T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35828",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35828"
},
{
"name": "23894",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23894"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/363"
},
{
"name": "25181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25181"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"name": "http://wikkawiki.org/WikkaReleaseNotes",
"refsource": "CONFIRM",
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35828",
"refsource": "OSVDB",
"url": "http://osvdb.org/35828"
},
{
"name": "23894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23894"
},
{
"name": "http://wush.net/trac/wikka/ticket/363",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/363"
},
{
"name": "25181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25181"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2551",
"datePublished": "2007-05-09T10:00:00",
"dateReserved": "2007-05-08T00:00:00",
"dateUpdated": "2024-08-07T13:42:33.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2552 (GCVE-0-2007-2552)
Vulnerability from cvelistv5 – Published: 2007-05-09 10:00 – Updated: 2024-08-07 13:42
Summary
The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds.
Severity ?
No CVSS data available.
CWE
- n/a
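Assigner
- mitre
References
| URL | Tags |
|---|---|
| http://www.attrition.org/pipermail/vim/2007-May/001607.html | mailing-list, x_refsource_VIM |
| http://www.vupen.com/english/advisories/2007/1725 | vdb-entry, x_refsource_VUPEN |
| http://wikkawiki.org/WikkaReleaseNotes | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/23894 | vdb-entry, x_refsource_BID |
| http://wush.net/trac/wikka/ticket/305 | x_refsource_CONFIRM |
| http://osvdb.org/35827 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/25181 | third-party-advisory, x_refsource_SECUNIA |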
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070509 Clarification on WikkaWikki RSS feed severity (CVE-2007-2552)",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-May/001607.html"
},
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "23894",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23894"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/305"
},
{
"name": "35827",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35827"
},
{
"name": "25181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25181"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-05-17T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070509 Clarification on WikkaWikki RSS feed severity (CVE-2007-2552)",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-May/001607.html"
},
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "23894",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23894"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/305"
},
{
"name": "35827",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35827"
},
{
"name": "25181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25181"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070509 Clarification on WikkaWikki RSS feed severity (CVE-2007-2552)",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-May/001607.html"
},
{
"name": "ADV-2007-1725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"name": "http://wikkawiki.org/WikkaReleaseNotes",
"refsource": "CONFIRM",
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "23894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23894"
},
{
"name": "http://wush.net/trac/wikka/ticket/305",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/305"
},
{
"name": "35827",
"refsource": "OSVDB",
"url": "http://osvdb.org/35827"
},
{
"name": "25181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25181"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2552",
"datePublished": "2007-05-09T10:00:00",
"dateReserved": "2007-05-08T00:00:00",
"dateUpdated": "2024-08-07T13:42:33.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5586 (GCVE-0-2013-5586)
Vulnerability from nvd – Published: 2013-09-25 14:00 – Updated: 2024-08-06 17:15
Summary
Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/.
Severity ?
No CVSS data available.
CWE
- n/a
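Assigner
- mitre
References
| URL | Tags |
|---|---|
| https://wush.net/trac/wikka/ticket/1152 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/87013 | vdb-entry, x_refsource_XF |
| https://wush.net/trac/wikka/changeset/1896 | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/123196 | x_refsource_MISC |
| https://wush.net/trac/wikka/changeset/1900 | x_refsource_CONFIRM |
| http://seclists.org/bugtraq/2013/Sep/47 | mailing-list, x_refsource_BUGTRAQ |
| http://docs.wikkawiki.org/WhatsNew134 | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/2013-09/0048.html | mailing-list, x_refsource_BUGTRAQ |
| http://osvdb.org/97183 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/62325 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/54790 | third-party-advisory, x_refsource_SECUNIA |
| https://www.htbridge.com/advisory/HTB23170 | x_refsource_MISC |
| https://wush.net/trac/wikka/ticket/1153 | x_refsource_CONFIRM |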
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wush.net/trac/wikka/ticket/1152"
},
{
"name": "wikkawiki-cve20135586-xss(87013)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87013"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wush.net/trac/wikka/changeset/1896"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123196"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wush.net/trac/wikka/changeset/1900"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Sep/47"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.wikkawiki.org/WhatsNew134"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0048.html"
},
{
"name": "97183",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/97183"
},
{
"name": "62325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62325"
},
{
"name": "54790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54790"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23170"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wush.net/trac/wikka/ticket/1153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wush.net/trac/wikka/ticket/1152"
},
{
"name": "wikkawiki-cve20135586-xss(87013)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87013"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wush.net/trac/wikka/changeset/1896"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123196"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wush.net/trac/wikka/changeset/1900"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Sep/47"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.wikkawiki.org/WhatsNew134"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0048.html"
},
{
"name": "97183",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/97183"
},
{
"name": "62325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62325"
},
{
"name": "54790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54790"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23170"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wush.net/trac/wikka/ticket/1153"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wush.net/trac/wikka/ticket/1152",
"refsource": "CONFIRM",
"url": "https://wush.net/trac/wikka/ticket/1152"
},
{
"name": "wikkawiki-cve20135586-xss(87013)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87013"
},
{
"name": "https://wush.net/trac/wikka/changeset/1896",
"refsource": "CONFIRM",
"url": "https://wush.net/trac/wikka/changeset/1896"
},
{
"name": "http://packetstormsecurity.com/files/123196",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123196"
},
{
"name": "https://wush.net/trac/wikka/changeset/1900",
"refsource": "CONFIRM",
"url": "https://wush.net/trac/wikka/changeset/1900"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Sep/47"
},
{
"name": "http://docs.wikkawiki.org/WhatsNew134",
"refsource": "CONFIRM",
"url": "http://docs.wikkawiki.org/WhatsNew134"
},
{
"name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0048.html"
},
{
"name": "97183",
"refsource": "OSVDB",
"url": "http://osvdb.org/97183"
},
{
"name": "62325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62325"
},
{
"name": "54790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54790"
},
{
"name": "https://www.htbridge.com/advisory/HTB23170",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23170"
},
{
"name": "https://wush.net/trac/wikka/ticket/1153",
"refsource": "CONFIRM",
"url": "https://wush.net/trac/wikka/ticket/1153"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5586",
"datePublished": "2013-09-25T14:00:00",
"dateReserved": "2013-08-23T00:00:00",
"dateUpdated": "2024-08-06T17:15:21.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4449 (GCVE-0-2011-4449)
Vulnerability from nvd – Published: 2012-09-05 20:00 – Updated: 2024-09-16 20:21
Summary
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
- mitre
References
| URL | Tags |
|---|---|
| http://wush.net/trac/wikka/ticket/1097 | x_refsource_CONFIRM |
| http://wush.net/trac/wikka/changeset/1822 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/changeset/1822"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/changeset/1822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wush.net/trac/wikka/ticket/1097",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/1097"
},
{
"name": "http://wush.net/trac/wikka/changeset/1822",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/changeset/1822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4449",
"datePublished": "2012-09-05T20:00:00Z",
"dateReserved": "2011-11-15T00:00:00Z",
"dateUpdated": "2024-09-16T20:21:27.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4448 (GCVE-0-2011-4448)
Vulnerability from nvd – Published: 2012-09-05 20:00 – Updated: 2024-09-16 16:44
Summary
SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| http://wush.net/trac/wikka/changeset/1820 | x_refsource_CONFIRM |
| http://wush.net/trac/wikka/ticket/1097 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/changeset/1820"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/changeset/1820"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wush.net/trac/wikka/changeset/1820",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/changeset/1820"
},
{
"name": "http://wush.net/trac/wikka/ticket/1097",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/1097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4448",
"datePublished": "2012-09-05T20:00:00Z",
"dateReserved": "2011-11-15T00:00:00Z",
"dateUpdated": "2024-09-16T16:44:00.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4452 (GCVE-0-2011-4452)
Vulnerability from nvd – Published: 2012-09-05 20:00 – Updated: 2024-09-16 22:46
Summary
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
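| URL | Tags |
|---|---|
| http://wush.net/trac/wikka/changeset/1832 | x_refsource_CONFIRM |
| http://wush.net/trac/wikka/ticket/1098 | x_refsource_CONFIRM |
| http://wush.net/trac/wikka/changeset/1819 | x_refsource_CONFIRM |
| http://wush.net/trac/wikka/ticket/1097 | x_refsource_CONFIRM |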
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/changeset/1832"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1098"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/changeset/1819"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/changeset/1832"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/1098"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/changeset/1819"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wush.net/trac/wikka/changeset/1832",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/changeset/1832"
},
{
"name": "http://wush.net/trac/wikka/ticket/1098",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/1098"
},
{
"name": "http://wush.net/trac/wikka/changeset/1819",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/changeset/1819"
},
{
"name": "http://wush.net/trac/wikka/ticket/1097",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/1097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4452",
"datePublished": "2012-09-05T20:00:00Z",
"dateReserved": "2011-11-15T00:00:00Z",
"dateUpdated": "2024-09-16T22:46:47.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4450 (GCVE-0-2011-4450)
Vulnerability from nvd – Published: 2012-09-05 20:00 – Updated: 2024-09-16 19:51
Summary
Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| http://wush.net/trac/wikka/changeset/1828 | x_refsource_CONFIRM |
| http://wush.net/trac/wikka/ticket/1097 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/changeset/1828"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/changeset/1828"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/1097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wush.net/trac/wikka/changeset/1828",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/changeset/1828"
},
{
"name": "http://wush.net/trac/wikka/ticket/1097",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/1097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4450",
"datePublished": "2012-09-05T20:00:00Z",
"dateReserved": "2011-11-15T00:00:00Z",
"dateUpdated": "2024-09-16T19:51:52.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4451 (GCVE-0-2011-4451)
Vulnerability from nvd – Published: 2012-09-05 20:00 – Updated: 2024-09-16 20:52 Disputed
Summary
libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| http://wush.net/trac/wikka/ticket/1098 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/1098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wush.net/trac/wikka/ticket/1098"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wush.net/trac/wikka/ticket/1098",
"refsource": "MISC",
"url": "http://wush.net/trac/wikka/ticket/1098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4451",
"datePublished": "2012-09-05T20:00:00Z",
"dateReserved": "2011-11-15T00:00:00Z",
"dateUpdated": "2024-09-16T20:52:22.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2612 (GCVE-0-2007-2612)
Vulnerability from nvd – Published: 2007-05-11 10:00 – Updated: 2024-08-07 13:42
Summary
SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a "modified installation."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
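| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/1725 | vdb-entry, x_refsource_VUPEN |
| http://wush.net/trac/wikka/ticket/383 | x_refsource_CONFIRM |
| http://wikkawiki.org/WikkaReleaseNotes | x_refsource_CONFIRM |
| http://osvdb.org/35826 | vdb-entry, x_refsource_OSVDB |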
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/383"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35826",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35826"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a \"modified installation.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/383"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35826",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35826"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a \"modified installation.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"name": "http://wush.net/trac/wikka/ticket/383",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/383"
},
{
"name": "http://wikkawiki.org/WikkaReleaseNotes",
"refsource": "CONFIRM",
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35826",
"refsource": "OSVDB",
"url": "http://osvdb.org/35826"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2612",
"datePublished": "2007-05-11T10:00:00",
"dateReserved": "2007-05-11T00:00:00",
"dateUpdated": "2024-08-07T13:42:33.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2613 (GCVE-0-2007-2613)
Vulnerability from nvd – Published: 2007-05-11 10:00 – Updated: 2024-08-07 13:42
Summary
WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
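| URL | Tags |
|---|---|
| http://osvdb.org/35825 | vdb-entry, x_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/1725 | vdb-entry, x_refsource_VUPEN |
| http://wikkawiki.org/WikkaReleaseNotes | x_refsource_CONFIRM |
| http://wush.net/trac/wikka/ticket/98 | x_refsource_CONFIRM |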
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35825",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35825"
},
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/98"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35825",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35825"
},
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/98"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35825",
"refsource": "OSVDB",
"url": "http://osvdb.org/35825"
},
{
"name": "ADV-2007-1725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"name": "http://wikkawiki.org/WikkaReleaseNotes",
"refsource": "CONFIRM",
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "http://wush.net/trac/wikka/ticket/98",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/98"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2613",
"datePublished": "2007-05-11T10:00:00",
"dateReserved": "2007-05-11T00:00:00",
"dateUpdated": "2024-08-07T13:42:33.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2551 (GCVE-0-2007-2551)
Vulnerability from nvd – Published: 2007-05-09 10:00 – Updated: 2024-08-07 13:42
Summary
Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
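| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/1725 | vdb-entry, x_refsource_VUPEN |
| http://wikkawiki.org/WikkaReleaseNotes | x_refsource_CONFIRM |
| http://osvdb.org/35828 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/23894 | vdb-entry, x_refsource_BID |
| http://wush.net/trac/wikka/ticket/363 | x_refsource_CONFIRM |
| http://secunia.com/advisories/25181 | third-party-advisory, x_refsource_SECUNIA |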
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35828",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35828"
},
{
"name": "23894",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23894"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/363"
},
{
"name": "25181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25181"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-05-17T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35828",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35828"
},
{
"name": "23894",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23894"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/363"
},
{
"name": "25181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25181"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"name": "http://wikkawiki.org/WikkaReleaseNotes",
"refsource": "CONFIRM",
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "35828",
"refsource": "OSVDB",
"url": "http://osvdb.org/35828"
},
{
"name": "23894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23894"
},
{
"name": "http://wush.net/trac/wikka/ticket/363",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/363"
},
{
"name": "25181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25181"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2551",
"datePublished": "2007-05-09T10:00:00",
"dateReserved": "2007-05-08T00:00:00",
"dateUpdated": "2024-08-07T13:42:33.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2552 (GCVE-0-2007-2552)
Vulnerability from nvd – Published: 2007-05-09 10:00 – Updated: 2024-08-07 13:42
Summary
The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
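| URL | Tags |
|---|---|
| http://www.attrition.org/pipermail/vim/2007-May/001607.html | mailing-list, x_refsource_VIM |
| http://www.vupen.com/english/advisories/2007/1725 | vdb-entry, x_refsource_VUPEN |
| http://wikkawiki.org/WikkaReleaseNotes | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/23894 | vdb-entry, x_refsource_BID |
| http://wush.net/trac/wikka/ticket/305 | x_refsource_CONFIRM |
| http://osvdb.org/35827 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/25181 | third-party-advisory, x_refsource_SECUNIA |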
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070509 Clarification on WikkaWikki RSS feed severity (CVE-2007-2552)",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-May/001607.html"
},
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "23894",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23894"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wush.net/trac/wikka/ticket/305"
},
{
"name": "35827",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35827"
},
{
"name": "25181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25181"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-05-17T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070509 Clarification on WikkaWikki RSS feed severity (CVE-2007-2552)",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-May/001607.html"
},
{
"name": "ADV-2007-1725",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "23894",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23894"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wush.net/trac/wikka/ticket/305"
},
{
"name": "35827",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35827"
},
{
"name": "25181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25181"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070509 Clarification on WikkaWikki RSS feed severity (CVE-2007-2552)",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-May/001607.html"
},
{
"name": "ADV-2007-1725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1725"
},
{
"name": "http://wikkawiki.org/WikkaReleaseNotes",
"refsource": "CONFIRM",
"url": "http://wikkawiki.org/WikkaReleaseNotes"
},
{
"name": "23894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23894"
},
{
"name": "http://wush.net/trac/wikka/ticket/305",
"refsource": "CONFIRM",
"url": "http://wush.net/trac/wikka/ticket/305"
},
{
"name": "35827",
"refsource": "OSVDB",
"url": "http://osvdb.org/35827"
},
{
"name": "25181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25181"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2552",
"datePublished": "2007-05-09T10:00:00",
"dateReserved": "2007-05-08T00:00:00",
"dateUpdated": "2024-08-07T13:42:33.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}