CVE-2006-7049 Information

Description

The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.

Reference

http://secunia.com/advisories/20628 http://wikkawiki.org/WikkaReleaseNotes http://www.osvdb.org/26543 http://www.securityfocus.com/bid/18484 http://www.vupen.com/english/advisories/2006/2381 https://exchange.xforce.ibmcloud.com/vulnerabilities/27226