actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
References
Link | Resource |
---|---|
http://wush.net/trac/wikka/changeset/1822 | Exploit Patch |
http://wush.net/trac/wikka/ticket/1097 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:15:14
Updated: 2022-10-03T16:15:14
Reserved: 2022-10-03T00:00:00
Link: CVE-2011-4449
JSON object: View
NVD Information
Status : Modified
Published: 2012-09-05T20:55:01.163
Modified: 2012-09-07T04:24:00.600
Link: CVE-2011-4449
JSON object: View
Redhat Information
No data.
CWE