CVE-2011-4450 Information

Description

Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter as demonstrated by the /../../wikka.config.php pathname in a download action.

Reference

http://wush.net/trac/wikka/changeset/1828 http://wush.net/trac/wikka/ticket/1097