PT-2012-1885 · Wikkawiki · Wikkawiki

Published: 2012-09-05 · Updated: 2024-08-07 · CVE-2011-4451

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: WikkaWiki versions 1.3.1 through 1.3.2

Description: The issue allows remote attackers to write arbitrary PHP code into the spamlog path file via the User-Agent HTTP header of an addcomment request when the spam logging option is enabled. The vendor disputes this issue because the rendering of the spamlog path file never involves the PHP interpreter.

Recommendations: For versions 1.3.1 and 1.3.2, consider disabling the spam logging option as a temporary workaround to minimize the risk of exploitation. Restrict access to the spamlog path file to prevent potential abuse. Avoid using the User-Agent HTTP header in addcomment requests until the issue is resolved.
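As an added illustration, not WikkaWiki's own code, the following Python sketch shows the two defensive measures the description and recommendations point at: a spam-log writer that neutralises PHP tags and control characters in the attacker-controlled User-Agent before the line is stored in a file the web server will never hand to PHP, and a scanner that flags log lines already carrying PHP tags. The function names, log layout and sample values are assumptions.

```python
import re
from pathlib import Path
from typing import List

# Constructed example, not taken from WikkaWiki. Matches PHP open/close
# tags, including the short echo form "<?=".
PHP_TAG = re.compile(r"<\?(?:php|=)?|\?>", re.IGNORECASE)

# Extensions a typical PHP handler would execute; the spam log must not use them.
EXECUTABLE_SUFFIXES = {".php", ".phtml", ".php3", ".php5", ".phar"}


def sanitize_header_value(value: str, max_len: int = 256) -> str:
    """Make an attacker-controlled header safe to write as one log line:
    percent-encode '<', '>', '?', '%' and every control character (so a
    PHP tag cannot survive intact and newlines cannot forge extra lines),
    and cap the length so a single request cannot bloat the log."""
    out = []
    for ch in value[:max_len]:
        if ch in "<>?%" or ord(ch) < 0x20 or ord(ch) == 0x7F:
            out.append("%%%02X" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def spamlog_line(remote_addr: str, page: str, user_agent: str) -> str:
    """Assumed tab-separated layout: address, page, sanitized User-Agent."""
    return f"{remote_addr}\t{page}\t{sanitize_header_value(user_agent)}\n"


def is_safe_spamlog_path(path: str) -> bool:
    """True only if the log file cannot be served through the PHP interpreter
    by extension; keeping it outside the web root is the other half."""
    return Path(path).suffix.lower() not in EXECUTABLE_SUFFIXES


def append_spamlog(path: str, line: str) -> None:
    if not is_safe_spamlog_path(path):
        raise ValueError("refusing to log into a PHP-executable file")
    with open(path, "a", encoding="utf-8") as f:
        f.write(line)


def scan_spamlog_for_php(text: str) -> List[int]:
    """Detection for an existing log: 1-based numbers of lines holding PHP tags."""
    return [i for i, ln in enumerate(text.splitlines(), 1) if PHP_TAG.search(ln)]


if __name__ == "__main__":
    # Constructed sample: a User-Agent carrying an (inert) PHP tag.
    line = spamlog_line("203.0.113.5", "HomePage", "Mozilla/5.0 <?php /*t*/ ?>")
    print(line, end="")  # the tag arrives percent-encoded, not as <?php
```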

Related Identifiers: CVE-2011-4451

Affected Products: Wikkawiki