CyberSec.Space Logo
Back to CVE Browser

CVE-2011-4448

HIGH
7.5
CVSS Severity Score
EPSS Score0.0530%
EPSS Percentile6.83th
PublishedSep 5, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.

Affected Platforms (CPE)

πŸ“¦
Wikkawiki

Wikkawiki

= 1.3.1
πŸ“¦
Wikkawiki

Wikkawiki

= 1.3.2

References & Advisories

πŸ”— http://wush.net/trac/wikka/changeset/1820
πŸ”— http://wush.net/trac/wikka/ticket/1097
πŸ”— http://wush.net/trac/wikka/changeset/1820
πŸ”— http://wush.net/trac/wikka/ticket/1097

Related Vulnerabilities

CVE-2007-26138.3

WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitr...

CVE-2007-26127.5

SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute ar...

CVE-2006-70497.5

The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, w...

CVE-2006-70506.8

Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary java...