Directory traversal

2007-10-2618:46:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.5%

JSON

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded “…%2F” sequences in the imp_language parameter to tiki-imexport_languages.php.

CPENameOperatorVersion
tikiwiki_cms\\/groupwarele1.9.8.1
tikiwiki_cms\\/groupwareeq1.9.4
tikiwiki_cms\\/groupwareeq1.9.0 rc2
tikiwiki_cms\\/groupwareeq1.9.3
tikiwiki_cms\\/groupwareeq1.9.0
tikiwiki_cms\\/groupwareeq1.6.1
tikiwiki_cms\\/groupwareeq1.9.5
tikiwiki_cms\\/groupwareeq1.9.0 rc1
tikiwiki_cms\\/groupwareeq1.9.8
tikiwiki_cms\\/groupwareeq1.9.0 rc3

Name	Operator	Version
tikiwiki_cms\\/groupware	le	1.9.8.1
tikiwiki_cms\\/groupware	eq	1.9.4
tikiwiki_cms\\/groupware	eq	1.9.0 rc2
tikiwiki_cms\\/groupware	eq	1.9.3
tikiwiki_cms\\/groupware	eq	1.9.0
tikiwiki_cms\\/groupware	eq	1.6.1
tikiwiki_cms\\/groupware	eq	1.9.5
tikiwiki_cms\\/groupware	eq	1.9.0 rc1
tikiwiki_cms\\/groupware	eq	1.9.8
tikiwiki_cms\\/groupware	eq	1.9.0 rc3