CVE-2011-4448
WikkaWiki 1.3.1 and 1.3.2 - SQL Injection via default_comment_display Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-4448.
AI-analyzed exploit summary: This is a detailed technical analysis of multiple vulnerabilities in WikkaWiki <= 1.3.2, including SQL injection (CVE-2011-4448), unrestricted file upload (CVE-2011-4449), arbitrary file download/deletion (CVE-2011-4450), and remote code execution (CVE-2011-4451). The writeup includes code snippets, root cause analysis, and proof-of-concept requests.
Description
SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.