Rhymix CMS Cross-Site Scripting Vulnerability

Rhymix CMS is a PHP-based content management system CMS. A cross-site scripting vulnerability exists in the index.php?module=admin&act=dispModuleAdminFileBox page in Rhymix CMS version 1.9.8.1, which can be exploited by remote attackers to inject arbitrary web script or HTML by uploading a...

TikiWiki <= 1.9.8.1 Local File Inclusion Vulnerabilities

No description provided by source. ====================================================================== TikiWiki = 1.9.8.1 Local File Inclusion ====================================================================== Author: L4teral l4teral 4t gmail com Impact: Local File Inclusion Status: patch...

tikiwiki-xsslfi.txt

====================================================================== TikiWiki Impact: Cross Site Scripting Local File Inclusion Status: patch available ------------------------------ Affected software description: ------------------------------ Application: TikiWiki Version: URL:...

TikiWiki: Arbitrary command execution

Background TikiWiki is an open source content management system written in PHP. Description ShAnKaR reported that input passed to the "f" array parameter in tiki-graphformula.php is not properly verified before being used to execute PHP functions. Impact An attacker could execute arbitrary code...

TikiWiki tiki-graph_formula.php f Parameter Arbitrary Command Execution

The remote host is running TikiWiki, an open source wiki application written in PHP. The version of TikiWiki on the remote host fails to sanitize input to the 'f' parameter of the 'tiki-graphformula.php' script before using it as a function call. Regardless of PHP's 'registerglobals' setting, an...