CVE-2011-4451

Опубликовано: 05 сент. 2012

Источник: nvd

CVSS2: 4.3

EPSS Средний

Описание

libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter

Ссылки

http://wush.net/trac/wikka/ticket/1098
Exploit
http://wush.net/trac/wikka/ticket/1098
Exploit

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:wikkawiki:wikkawiki:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:wikkawiki:wikkawiki:1.3.2:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.63617

Средний

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-65vv-mx5f-jggq

github

больше 3 лет назад

** DISPUTED ** libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter.