Description
WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php.
References (4)
Core 4
Core References
Product x_refsource_misc
https://wikidocs.it/
Product x_refsource_misc
https://demo.wikidocs.it/
Third Party Advisory x_refsource_misc
https://github.com/Zavy86/WikiDocs
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/Zavy86/WikiDocs/issues/28
Scores
CVSS v3
8.8
EPSS
0.0455
EPSS Percentile
89.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
wikidocs/wikidocs
0.1.18
Published
Feb 19, 2022
Tracked Since
Feb 18, 2026