CVE-2011-4333

MEDIUM

scilico labwiki < 1.1 - Cross-Site Scripting via from or page_no Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4333.

AI-analyzed exploit summary The document describes multiple vulnerabilities in LabWiki <= 1.1, including a shell upload vulnerability due to improper filetype checks in /edit.php and multiple XSS vulnerabilities in index.php and recentchanges.php. It provides technical details and proof-of-concept payloads for exploitation.

Description

Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no parameter to recentchanges.php.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/18100

View Code ZIP pw:eip

The document describes multiple vulnerabilities in LabWiki <= 1.1, including a shell upload vulnerability due to improper filetype checks in /edit.php and multiple XSS vulnerabilities in index.php and recentchanges.php. It provides technical details and proof-of-concept payloads for exploitation.

Classification

Writeup 90%

Attack Type

Xss | Other

Complexity

Trivial

Reliability

Reliable

Target: LabWiki <= 1.1

No auth needed

Prerequisites: Access to the upload functionality (if restricted) · Ability to craft malicious HTTP requests

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2011/11/21/16

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2014/02/08/5

Scores

CVSS v3 6.1

EPSS 0.0206

EPSS Percentile 78.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

scilico/labwiki < 1.1

Published Oct 23, 2017

Tracked Since Feb 18, 2026