CVE-2011-4448 Information

Description

SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.

Reference

http://wush.net/trac/wikka/changeset/1820 http://wush.net/trac/wikka/ticket/1097