CVE-2006-7049 - The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions wi

CVE-2006-7049

Summary

The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.

References

http://secunia.com/advisories/20628
http://wikkawiki.org/WikkaReleaseNotes
http://www.osvdb.org/26543
http://www.securityfocus.com/bid/18484
http://www.vupen.com/english/advisories/2006/2381
https://exchange.xforce.ibmcloud.com/vulnerabilities/27226

Vulnerable Configurations

cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.1:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 29-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	18484
confirm	http://wikkawiki.org/WikkaReleaseNotes
osvdb	26543
secunia	20628
vupen	ADV-2006-2381
xf	wikkawiki-method-security-bypass(27226)

Last major update

29-07-2017 - 01:29

Published

24-02-2007 - 00:28

Last modified

29-07-2017 - 01:29