TikiWiki.Tiki.Editpage.PHP.Directory.Traversal

Description

Remote exploitation of an input validation vulnerability in TikiWiki could allow attackers to gain access to arbitrary files on the vulnerable system and execute arbitrary code with the privileges of the underlying web server.

Affected Products

TikiWiki Project TikiWiki 1.8.5
TikiWiki Project TikiWiki 1.8.4
+ Gentoo Linux

Impact

Gain access to arbitrary files.

Recommended Actions

The vendor has addressed this issue in version 1.9.1 and later:
TikiWiki Project TikiWiki 1.8.5
TikiWiki Project tikiwiki-1.9.1.1.tar.gz
http://prdownloads.sourceforge.net/tikiwiki/tikiwiki-1.9.1.1.tar.gz

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2018-11-06 13.485