|
Family: CGI abuses --> Category: attack
Wikka Local File Include Vulnerability Vulnerability Scan
Vulnerability Scan Summary Tries to read a local file in Wikka
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is affected by a
local file include issue.
Description :
The remote host is running Wikka, a lightweight, open-source wiki
application written in PHP.
The version of Wikka installed on the remote host has a programming
error in the 'Method()-method' in 'wikka.php'. By leveraging this
issue, an unauthenticated attacker may be able to access arbitrary PHP
files on the affected host and execute them, subject to the rights
of the web server user id.
Note that successful exploitation is unaffected by the setting of PHP
'register_globals' but only works with files with the extension
'.php'.
See also :
http://wush.net/trac/wikka/ticket/36
http://wikkawiki.org/WikkaReleaseNotes#hn_Wikka_1.1.6.2
Solution :
Upgrade to Wikka version 1.1.6.2 or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|