CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2006-7049

HIGH
7.5
CVSS Severity Score
EPSS Score0.1620%
EPSS Percentile44.29th
Published2007年2月24日
Last Modified2026年4月23日

Vulnerability Description

The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.

Affected Platforms (CPE)

📦
Wikkawiki

Wikkawiki

= 1.1.6.0
📦
Wikkawiki

Wikkawiki

= 1.1.6.1

References & Advisories

🔗 http://secunia.com/advisories/20628
🔗 http://wikkawiki.org/WikkaReleaseNotes
🔗 http://www.osvdb.org/26543
🔗 http://www.securityfocus.com/bid/18484
🔗 http://www.vupen.com/english/advisories/2006/2381
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/27226
🔗 http://secunia.com/advisories/20628
🔗 http://wikkawiki.org/WikkaReleaseNotes

相關漏洞威脅

CVE-2007-26138.3

WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitr...

CVE-2011-44487.5

SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execu...

CVE-2007-26127.5

SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute ar...

CVE-2006-70506.8

Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary java...