Unrated severityNVD Advisory· Published Feb 24, 2007· Updated Apr 23, 2026

CVE-2006-7049

Description

The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.

Affected products

Wikkawiki/Wikkawiki2 versions
cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:wikkawiki:wikkawiki:1.1.6.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/20628nvdPatchVendor Advisory
www.osvdb.org/26543nvdPatch
www.securityfocus.com/bid/18484nvdPatch
wikkawiki.org/WikkaReleaseNotesnvd
www.vupen.com/english/advisories/2006/2381nvd
exchange.xforce.ibmcloud.com/vulnerabilities/27226nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000