CVE-2011-4450

WikkaWiki 1.3.1 and 1.3.2 - Path Traversal via File Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4450.

AI-analyzed exploit summary: This is a detailed technical analysis of multiple vulnerabilities in WikkaWiki <= 1.3.2, including SQL injection, unrestricted file upload, arbitrary file download/deletion, and remote code execution. The writeup provides root cause analysis, vulnerable code snippets, and proof-of-concept requests for each vulnerability.

Description

Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action.

Exploits (1)

exploitdb WRITEUP
webapps · php
https://www.exploit-db.com/exploits/18177

Classification: Writeup 100%
Attack Type: SQLi | Info Leak | Auth Bypass | RCE
Complexity: Moderate
Reliability: Reliable
Target: WikkaWiki <= 1.3.2
Auth required
Prerequisites: Access to the application · Valid session cookie for some exploits
devstral-2 · analyzed Feb 19, 2026

References (2)

Core References
Exploit, Patch x_refsource_confirm
http://wush.net/trac/wikka/changeset/1828
Various Sources x_refsource_confirm
http://wush.net/trac/wikka/ticket/1097

Scores

EPSS 0.0748
EPSS Percentile 93.7%

Details

CWE: CWE-22
Status: published
Products (2):
wikkawiki/wikkawiki 1.3.1
wikkawiki/wikkawiki 1.3.2
Published: Sep 05, 2012
Tracked Since: Feb 18, 2026