Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

TikiWiki multiple input validation vulnerabilities Vulnerability Scan


Vulnerability Scan Summary
Checks the version of TikiWiki

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that suffers from
multiple issues.

Description :

The remote host is running TikiWiki, a content management system
written in PHP.

The remote version of this software is vulnerable to multiple
vulnerabilities that have been identified in various modules of the
application. These vulnerabilities may allow a remote attacker to
carry out various attacks such as path disclosure, cross-site
scripting, HTML injection, SQL injection, directory traversal, and
arbitrary file upload.

See also :

http://www.gulftech.org/?node=research&article_id=00037-04112004
http://archives.neohapsis.com/archives/bugtraq/2004-04/0137.html
http://tikiwiki.org/tiki-read_article.php?articleId=66

Solution :

Upgrade to TikiWiki 1.8.2 or newer.

Risk factor:

High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.