CVE-2011-4448

Wikkawiki - SQL Injection

Title source: rule

Description

SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/18177

View Code ZIP pw:eip

References (2)

[Exploit, Patch] http://wush.net/trac/wikka/changeset/1820

[Vendor Advisory] http://wush.net/trac/wikka/ticket/1097

Scores

EPSS 0.0021

EPSS Percentile 42.6%

Details

CWE

CWE-89

Status published

Products (2)

wikkawiki/wikkawiki 1.3.1

wikkawiki/wikkawiki 1.3.2

Published Sep 05, 2012

Tracked Since Feb 18, 2026