TikiWiki is a multi-purpose web content management system written in PHP.
**jhot.php** script allows remote attackers to upload arbitrary PHP commands into the
**img/wiki** directory. The commands can then be executed by requesting the uploaded PHP file from a web browser.
Upgrade to TikiWiki 1.9.5 or higher.