|
Family: CGI abuses --> Category: infos
TikiWiki multiple input validation vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Checks the version of TikiWiki
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that suffers from
multiple issues.
Description :
The remote host is running TikiWiki, a content management system
written in PHP.
The remote version of this software is vulnerable to multiple
vulnerabilities that have been identified in various modules of the
application. These vulnerabilities may allow a remote attacker to
carry out various attacks such as path disclosure, cross-site
scripting, HTML injection, SQL injection, directory traversal, and
arbitrary file upload.
See also :
http://www.gulftech.org/?node=research&article_id=00037-04112004
http://archives.neohapsis.com/archives/bugtraq/2004-04/0137.html
http://tikiwiki.org/tiki-read_article.php?articleId=66
Solution :
Upgrade to TikiWiki 1.8.2 or newer.
Risk factor:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|