CVE-2006-7049

Sažetak

The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.

Reference

http://secunia.com/advisories/20628
http://wikkawiki.org/WikkaReleaseNotes
http://www.osvdb.org/26543
http://www.securityfocus.com/bid/18484
http://www.vupen.com/english/advisories/2006/2381
https://exchange.xforce.ibmcloud.com/vulnerabilities/27226

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-07-2017 - 01:29

Objavljeno

24-02-2007 - 00:28