CVE-2011-4449

WikkaWiki 1.3.1 and 1.3.2 - Arbitrary PHP Code Execution via File Upload with Multiple Extensions

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-4449. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits a PHP code injection vulnerability in WikkaWiki 1.3.2 by injecting malicious PHP code into the spam log file via the UserAgent header. The exploit triggers spam logging by generating fake URLs in a comment and then executes the payload by accessing the spam log file.

Description

actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsphp

https://www.exploit-db.com/exploits/18865

View Code ZIP pw:eip

This Metasploit module exploits a PHP code injection vulnerability in WikkaWiki 1.3.2 by injecting malicious PHP code into the spam log file via the UserAgent header. The exploit triggers spam logging by generating fake URLs in a comment and then executes the payload by accessing the spam log file.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WikkaWiki 1.3.2 r1814

Auth required

Prerequisites: Valid WikkaWiki credentials · Spam logging feature enabled · A page that allows comments

MITRE ATT&CK

T1189 - Drive-by Compromise T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/18177

View Code ZIP pw:eip

This is a detailed technical analysis of multiple vulnerabilities in WikkaWiki <= 1.3.2, including SQL injection, unrestricted file upload, arbitrary file download/deletion, and remote code execution. The writeup provides proof-of-concept requests and explains the root causes of each vulnerability.

Classification

Writeup 100%

Attack Type

Sqli | Info Leak | Auth Bypass | Rce

Complexity

Moderate

Reliability

Reliable

Target: WikkaWiki <= 1.3.2

Auth required

Prerequisites: Valid session cookie for authenticated actions · Admin privileges for certain exploits

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

http://wush.net/trac/wikka/ticket/1097

Exploit, Patch x_refsource_confirm

http://wush.net/trac/wikka/changeset/1822

Scores

EPSS 0.0414

EPSS Percentile 89.5%

Details

Status published

Products (2)

wikkawiki/wikkawiki 1.3.1

wikkawiki/wikkawiki 1.3.2

Published Sep 05, 2012

Tracked Since Feb 18, 2026