CVE-2011-4451

WikkaWiki 1.3.1 and 1.3.2 - Arbitrary PHP Code Write via User-Agent HTTP Header

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-4451. PoCs published by EgiX, sinn3r, including Metasploit module exploits/multi/http/wikka_spam_exec.

AI-analyzed exploit summary: This is a detailed technical analysis of multiple vulnerabilities in WikkaWiki <= 1.3.2, including SQL injection, unrestricted file upload, arbitrary file download/deletion, and remote code execution. The writeup provides code snippets, proof-of-concept requests, and explanations of root causes.

Description

libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter.

Exploits (2)

exploitdb WRITEUP
webapps · php
https://www.exploit-db.com/exploits/18177

Classification
Writeup 100%
Attack Type
SQLi | Info Leak | Auth Bypass | RCE
Complexity
Moderate
Reliability
Reliable
Target: WikkaWiki <= 1.3.2
Auth required
Prerequisites: Valid user session for some exploits · Admin session for file deletion · INTRANET_MODE enabled or successful session hijacking for file upload
devstral-2 · analyzed Feb 19, 2026
metasploit WORKING POC EXCELLENT
by EgiX, sinn3r · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wikka_spam_exec.rb

This Metasploit module exploits a PHP code injection vulnerability in WikkaWiki 1.3.2 by injecting malicious PHP code via the User-Agent header into the spam log file, then triggering execution by generating spam URLs in a comment.

Classification
Working Poc 100%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: WikkaWiki 1.3.2 r1814
Auth required
Prerequisites: Valid WikkaWiki credentials · Spam logging feature enabled · Page allowing comments
devstral-2 · analyzed Feb 16, 2026

References (1)

Core 1
Core References
Exploit x_refsource_misc
http://wush.net/trac/wikka/ticket/1098

Scores

EPSS 0.1348
EPSS Percentile 96.0%

Details

Status published
Products (2)
wikkawiki/wikkawiki 1.3.1
wikkawiki/wikkawiki 1.3.2
Published Sep 05, 2012
Tracked Since Feb 18, 2026