Added: 09/08/2006
CVE: CVE-2006-4602
BID: 19819
OSVDB: 28456
TikiWiki is a multi-purpose web content management system written in PHP.
The **jhot.php**
script allows remote attackers to upload arbitrary PHP commands into the **img/wiki**
directory. The commands can then be executed by requesting the uploaded PHP file from a web browser.
Upgrade to TikiWiki 1.9.5 or higher.