CVE-2006-7049

2007-02-2400:00:00

mitre

www.cve.org

6.9 Medium

AI Score

Confidence

Low

0.179 Low

EPSS

Percentile

96.2%

JSON

The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.

References

secunia.com/advisories/20628

wikkawiki.org/WikkaReleaseNotes

www.osvdb.org/26543

www.securityfocus.com/bid/18484

www.vupen.com/english/advisories/2006/2381

exchange.xforce.ibmcloud.com/vulnerabilities/27226