TikiWiki.Tiki.Editpage.PHP.Directory.Traversal
Description
Remote exploitation of an input validation vulnerability in Tikiwiki could allow attackers to gain access to arbitrary files on the vulnerable system and execute arbitrary code under the privileges of the underlying web-server.
Affected Products
TikiWiki Project TikiWiki 1.8.5
TikiWiki Project TikiWiki 1.8.4
+ Gentoo Linux
Impact
Gain access to arbitrary files.
Recommended Actions
The vendor has addressed this issue in version 1.9.1 and later:
TikiWiki Project TikiWiki 1.8.5
Tikiwiki Project tikiwiki-1.9.1.1.tar.gz
http://prdownloads.sourceforge.net/tikiwiki/tikiwiki-1.9.1.1.tar.gz
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2018-11-06 | 13.485 |