Lucene search
HistoryFeb 24, 2007 - 12:28 a.m.
CVE-2006-7049
cve-2006-7049
wikkawiki
wikka wiki
access restrictions
remote attackers
security vulnerability
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
Low
0.179 Low
EPSS
Percentile
96.2%
The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.
Affected configurations
Node
wikkawikiwikkawikiMatch1.1.6.0
ORwikkawikiwikkawikiMatch1.1.6.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| wikkawiki:wikkawiki | wikkawiki | eq | 1.1.6.0 |
| wikkawiki:wikkawiki | wikkawiki | eq | 1.1.6.1 |
Related
nvd
nvd
CVE-2006-7049
2007-02-24 00:28:00
nessus
nessus
Wikka wikka.php Local File Inclusion
2006-06-17 00:00:00
cvelist
cvelist
CVE-2006-7049
2007-02-24 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
Low
0.179 Low
EPSS
Percentile
96.2%
Related for CVE-2006-7049