TikiWiki Upload Arbitrary Image Overwrite

2003-03-11T17:43:48
ID OSVDB:7434
Type osvdb
Reporter OSVDB
Modified 2003-03-11T17:43:48

Description

Vulnerability Description

TikiWiki contains a flaw that may allow a remote attacker to overwrite arbitrary images. The issue is triggered when uploading images with the same name (even in different galleries). It is possible that the flaw may allow a remote attacker to overwrite arbitrary images resulting in a loss of integrity.

Solution Description

Upgrade to version 1.7.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

TikiWiki contains a flaw that may allow a remote attacker to overwrite arbitrary images. The issue is triggered when uploading images with the same name (even in different galleries). It is possible that the flaw may allow a remote attacker to overwrite arbitrary images resulting in a loss of integrity.

References:

Vendor URL: http://tikiwiki.org/ Vendor Specific Advisory URL Vendor Specific Advisory URL