CVE-2006-7049

critical

Description

The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27226

http://www.vupen.com/english/advisories/2006/2381

http://www.securityfocus.com/bid/18484

http://www.osvdb.org/26543

http://wikkawiki.org/WikkaReleaseNotes

http://secunia.com/advisories/20628

Details

Source: Mitre, NVD

Published: 2007-02-24

Updated: 2017-07-29

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

Detections

Analytics