Lucene search

[email protected]NVD:CVE-2006-7049

HistoryFeb 24, 2007 - 12:28 a.m.

CVE-2006-7049

2007-02-2400:28:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.179

Percentile

96.2%

JSON

The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.

Affected configurations

Nvd

Node

wikkawikiwikkawikiMatch1.1.6.0

wikkawikiwikkawikiMatch1.1.6.1

VendorProductVersionCPE
wikkawikiwikkawiki1.1.6.0cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.0:*:*:*:*:*:*:*
wikkawikiwikkawiki1.1.6.1cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wikkawiki	wikkawiki	1.1.6.0	cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.0:::::::*
wikkawiki	wikkawiki	1.1.6.1	cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.1:::::::*

References

secunia.com/advisories/20628

wikkawiki.org/WikkaReleaseNotes

www.osvdb.org/26543

www.securityfocus.com/bid/18484

www.vupen.com/english/advisories/2006/2381

exchange.xforce.ibmcloud.com/vulnerabilities/27226

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.179

Percentile

96.2%

JSON

Related for NVD:CVE-2006-7049

cve1 nessus1 cvelist1