Vulnerability Description
The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wikkawiki | Wikkawiki | 1.1.6.0 |
References
- http://secunia.com/advisories/20628PatchVendor Advisory
- http://wikkawiki.org/WikkaReleaseNotes
- http://www.osvdb.org/26543Patch
- http://www.securityfocus.com/bid/18484Patch
- http://www.vupen.com/english/advisories/2006/2381
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27226
- http://secunia.com/advisories/20628PatchVendor Advisory
- http://wikkawiki.org/WikkaReleaseNotes
- http://www.osvdb.org/26543Patch
- http://www.securityfocus.com/bid/18484Patch
- http://www.vupen.com/english/advisories/2006/2381
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27226
FAQ
What is CVE-2006-7049?
CVE-2006-7049 is a vulnerability with a CVSS score of 7.5 (HIGH). The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions an...
How severe is CVE-2006-7049?
CVE-2006-7049 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-7049?
Check the references section above for vendor advisories and patch information. Affected products include: Wikkawiki Wikkawiki.