Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

Wikka Local File Include Vulnerability Vulnerability Scan


Vulnerability Scan Summary
Tries to read a local file in Wikka

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that is affected by a
local file include issue.

Description :

The remote host is running Wikka, a lightweight, open-source wiki
application written in PHP.

The version of Wikka installed on the remote host has a programming
error in the 'Method()-method' in 'wikka.php'. By leveraging this
issue, an unauthenticated attacker may be able to access arbitrary PHP
files on the affected host and execute them, subject to the rights
of the web server user id.

Note that successful exploitation is unaffected by the setting of PHP
'register_globals' but only works with files with the extension
'.php'.

See also :

http://wush.net/trac/wikka/ticket/36
http://wikkawiki.org/WikkaReleaseNotes#hn_Wikka_1.1.6.2

Solution :

Upgrade to Wikka version 1.1.6.2 or later.

Threat Level:

High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.