CyberSec.Space Logo
Back to CVE Browser

CVE-2006-7049

HIGH
7.5
CVSS Severity Score
EPSS Score0.1620%
EPSS Percentile44.29th
PublishedFeb 24, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.

Affected Platforms (CPE)

πŸ“¦
Wikkawiki

Wikkawiki

= 1.1.6.0
πŸ“¦
Wikkawiki

Wikkawiki

= 1.1.6.1

References & Advisories

πŸ”— http://secunia.com/advisories/20628
πŸ”— http://wikkawiki.org/WikkaReleaseNotes
πŸ”— http://www.osvdb.org/26543
πŸ”— http://www.securityfocus.com/bid/18484
πŸ”— http://www.vupen.com/english/advisories/2006/2381
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/27226
πŸ”— http://secunia.com/advisories/20628
πŸ”— http://wikkawiki.org/WikkaReleaseNotes

Related Vulnerabilities

CVE-2007-26138.3

WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitr...

CVE-2011-44487.5

SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execu...

CVE-2007-26127.5

SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute ar...

CVE-2006-70506.8

Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary java...