CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.964 High
EPSS Percentile: 99.6%
Added: 09/08/2006
CVE: CVE-2006-4602
BID: 19819
OSVDB: 28456
TikiWiki is a multi-purpose web content management system written in PHP.
The **jhot.php** script allows remote attackers to upload arbitrary PHP commands into the **img/wiki** directory. The commands can then be executed by requesting the uploaded PHP file from a web browser.
Upgrade to TikiWiki 1.9.5 or higher.
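
The following detection sketch is an added example, not part of the original advisory or of TikiWiki. It scans web server access logs for the two request patterns described above: a POST to jhot.php, and a request for a PHP file under img/wiki. It assumes the Apache "combined" log format and a hypothetical list of PHP-handled extensions; the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Apache "combined" access log format (assumption; adjust for your server).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Extensions assumed to be mapped to the PHP handler on the host.
PHP_EXT_RE = re.compile(r'\.(?:php\d?|phtml|phar)(?:$|/)')

def scan(lines):
    """Return (line_no, client_ip, kind, status) for suspicious requests."""
    posted = set()   # clients that have POSTed to jhot.php so far
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        # Drop the query string, then decode %-escapes so ".%70hp" is caught.
        path = unquote(m['path'].split('?', 1)[0]).lower()
        ip, status = m['ip'], int(m['status'])
        if m['method'] == 'POST' and path.endswith('/jhot.php'):
            posted.add(ip)
            findings.append((n, ip, 'jhot-post', status))
        elif '/img/wiki/' in path and PHP_EXT_RE.search(path):
            # img/wiki should hold images only; a PHP request there is anomalous.
            kind = 'exec-after-post' if ip in posted else 'php-in-img-wiki'
            findings.append((n, ip, kind, status))
    return findings

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Sep/2006:10:00:01 +0000] "GET /tiki/tiki-index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [08/Sep/2006:10:02:13 +0000] "POST /tiki/jhot.php HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.7 - - [08/Sep/2006:10:02:15 +0000] "GET /tiki/img/wiki/example.php HTTP/1.1" 200 48 "-" "-"',
    '192.0.2.10 - - [08/Sep/2006:10:05:00 +0000] "GET /tiki/img/wiki/diagram.png HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [08/Sep/2006:10:07:42 +0000] "GET /tiki/img/wiki/other%2Ephp?x=1 HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

An `exec-after-post` hit with a 200 status is the highest-priority finding; on an affected host, also check img/wiki on disk for files that are not images.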