CVE-2011-4452

WikkaWiki - CSRF

Title source: rule

Description

Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action.

Exploits (1)

exploitdb WRITEUP
by EgiX · text · webapps · php
https://www.exploit-db.com/exploits/18177

References (4)

Core 4
Core References
Exploit, Patch x_refsource_confirm
http://wush.net/trac/wikka/changeset/1832
Exploit x_refsource_confirm
http://wush.net/trac/wikka/ticket/1098
Exploit, Patch x_refsource_confirm
http://wush.net/trac/wikka/changeset/1819
Various Sources x_refsource_confirm
http://wush.net/trac/wikka/ticket/1097

Scores

EPSS 0.0014
EPSS Percentile 33.3%

Details

CWE
CWE-352
Status published
Products (2)
wikkawiki/wikkawiki 1.3.1
wikkawiki/wikkawiki 1.3.2
Published Sep 05, 2012
Tracked Since Feb 18, 2026