2 matches found
TikiWiki File Upload temp Directory Arbitrary Script Execution
The remote host is running TikiWiki, a content management system written in PHP. The remote version of this software is vulnerable to a flaw in the way TikiWiki handles uploaded files. If an attacker is able to upload a file, they can then call the script remotely via a request to the...
TikiWiki: Arbitrary command execution
Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description TikiWiki lacks a check on uploaded images in the Wiki edit page. Impact A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...