CVE-2011-5076

Name of the Vulnerable Software and Affected Versions HDWiki versions 5.0 through 5.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the PATH INFO to index.php, specifically targeting the model/comment.class.php file.

Recommendations For HDWiki versions 5.0 and 5.1, consider restricting access to the model/comment.class.php file until a patch is available. As a temporary workaround, avoid using the PATH INFO to index.php in affected versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.