CVE-2011-4450

Wikkawiki - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action.

Exploits (1)

exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/18177

References (2)

Scores

EPSS 0.0943
EPSS Percentile 92.8%

Details

CWE
CWE-22
Status published
Products (2)
wikkawiki/wikkawiki 1.3.1
wikkawiki/wikkawiki 1.3.2
Published Sep 05, 2012
Tracked Since Feb 18, 2026