CVE-2011-4452
WikkaWiki 1.3.1 and 1.3.2 - Cross-Site Request Forgery in AdminUsers Component
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-4452. PoCs published by EgiX.
AI-analyzed exploit summary
This is a detailed technical analysis of multiple vulnerabilities in WikkaWiki <= 1.3.2, including SQL injection, unrestricted file upload, arbitrary file download/deletion, and remote code execution. The writeup provides proof-of-concept requests and explains the root causes of each vulnerability.
Description
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action.
Exploits (1)
This is a detailed technical analysis of multiple vulnerabilities in WikkaWiki <= 1.3.2, including SQL injection, unrestricted file upload, arbitrary file download/deletion, and remote code execution. The writeup provides proof-of-concept requests and explains the root causes of each vulnerability.