TikiWiki User Profile Multiple Option Code Injection
2004-04-11T14:03:29
ID: OSVDB:5184
Type: osvdb
Reporter: JeiAr (jeiar@gulftech.org)
Modified: 2004-04-11T14:03:29
Description
Vulnerability Description
TikiWiki contains a flaw that allows remote code injection. This flaw exists because the application does not validate User Profile variables upon submission to the application. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Solution Description
Upgrade to version 1.8.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Short Description
TikiWiki contains a flaw that allows remote code injection. This flaw exists because the application does not validate User Profile variables upon submission to the application. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Manual Testing Notes
Navigate to each of the following options and input arbitrary code:
User Profile > Theme
User Profile > Country Field
User Profile > Real Name
User Profile > Displayed time zone
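The four fields above split into two kinds: theme, country and displayed time zone are enumerated settings that should only ever take a value from a server-side allowlist, while real name is free text that must be bounded on input and HTML-escaped on output. The following is an added illustration of that validation and rendering pattern, not TikiWiki's own code; the field names, allowlists and output markup are assumptions constructed for the example.

```python
import html

# Constructed allowlists standing in for the application's own theme,
# country and time-zone tables (an assumption, not TikiWiki's real data).
KNOWN_THEMES = {"default", "dark", "light"}
KNOWN_COUNTRIES = {"Canada", "Germany", "Japan", "United States"}
KNOWN_TIMEZONES = {"UTC", "Europe/Berlin", "America/New_York", "Asia/Tokyo"}
REAL_NAME_MAX_LEN = 80

class ProfileValidationError(ValueError):
    """Raised for a submitted value the server must refuse outright."""

def validate_profile(submitted: dict) -> dict:
    """Server-side check of a submitted profile.
    Theme, country and time zone are enumerated settings: anything outside
    the known set is refused, not stored. Real name is free text: bounded
    here and HTML-escaped on output, never treated as markup."""
    theme = submitted.get("theme", "default")
    country = submitted.get("country", "")
    tz = submitted.get("timezone", "UTC")
    real_name = submitted.get("real_name", "")
    for field, value, allowed in (("theme", theme, KNOWN_THEMES),
                                  ("country", country, KNOWN_COUNTRIES),
                                  ("timezone", tz, KNOWN_TIMEZONES)):
        if value not in allowed:
            raise ProfileValidationError(f"{field}: value not in allowlist")
    if len(real_name) > REAL_NAME_MAX_LEN or any(ord(c) < 32 for c in real_name):
        raise ProfileValidationError("real_name: too long or has control chars")
    return {"theme": theme, "country": country, "timezone": tz,
            "real_name": real_name}

def is_accepted(submitted: dict) -> bool:
    """True when validate_profile would store the submission."""
    try:
        validate_profile(submitted)
        return True
    except ProfileValidationError:
        return False

def render_profile(profile: dict) -> str:
    """Render a validated profile; every value is HTML-escaped at output,
    so a stored name such as 'Ann <b>Smith</b>' appears as literal text."""
    esc = {k: html.escape(v, quote=True) for k, v in profile.items()}
    return (f'<link rel="stylesheet" href="/styles/{esc["theme"]}.css">\n'
            f'<span class="name">{esc["real_name"]}</span> '
            f'<span class="country">{esc["country"]}</span> '
            f'<span class="tz">{esc["timezone"]}</span>')
```

Escaping the enumerated values as well costs nothing and protects against an allowlist entry that legitimately contains quotes or angle brackets.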
References
Vendor URL: http://www.tikiwiki.org/
Vendor URL: http://freshmeat.net/projects/tiki/
Vendor Specific Advisory URL: http://security.gentoo.org/glsa/glsa-200501-12.xml
Secunia Advisory ID:11344: https://secuniaresearch.flexerasoftware.com/advisories/11344/
Secunia Advisory ID:13772: https://secuniaresearch.flexerasoftware.com/advisories/13772/
Other Advisory URL: http://www.gulftech.org/04112004.php
Affected Software
TikiWiki 1.6.x
TikiWiki 1.7.x
TikiWiki 1.8
TikiWiki 1.8.1
Record: https://vulners.com/osvdb/OSVDB:5184 (last seen 2017-04-28T13:19:59)