Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-09-16T19:51:52.672Z
Reserved: 2011-11-15T00:00:00Z
Link: CVE-2011-4450

No data.

Status : Modified
Published: 2012-09-05T20:55:01.193
Modified: 2024-11-21T01:32:22.883
Link: CVE-2011-4450

No data.