CVE-2011-4449

WikkaWiki 1.3.1-1.3.2 - RCE

Title source: llm

Description

actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubywebappsphp
https://www.exploit-db.com/exploits/18865
exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/18177

References (2)

Scores

EPSS 0.0452
EPSS Percentile 89.2%

Details

Status published
Products (2)
wikkawiki/wikkawiki 1.3.1
wikkawiki/wikkawiki 1.3.2
Published Sep 05, 2012
Tracked Since Feb 18, 2026