CVE-2011-4449

Name of the Vulnerable Software and Affected Versions WikkaWiki versions 1.3.1 through 1.3.2

Description The issue allows remote attackers to execute arbitrary PHP code by uploading files with specific extensions, such as .mm or .vpp, when INTRANET MODE is enabled. This is possible because the affected software supports file uploads for file extensions that are typically not present in an Apache HTTP Server TypesConfig file.

Recommendations For WikkaWiki versions 1.3.1 and 1.3.2, consider disabling the file upload feature when INTRANET MODE is enabled until a patch is available. Restrict access to the actions/files/files.php script to minimize the risk of exploitation. Avoid using file extensions that are not explicitly defined in the Apache HTTP Server TypesConfig file.