Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Tiki Wiki CMS: Arbitrary Code Execution - Vulnerability Database

Tiki Wiki CMS: Arbitrary Code Execution

Description

Unauthenticated users can upload and execute arbitrary code due to a vulnerability in a preinstalled third-party component ("ELFinder"). An unauthenticated user can upload and PHP file with arbitrary code and execute it with the permissions of the web server user.

Remediation

Upgrade Tiki Wiki CMS to version 12.9, 14.4, 15.2 or above (recommended)

References

Tiki Wiki Announcement (2016-07-08)

Related Vulnerabilities

Apache OFBiz Log4Shell RCE High
Common tags: Information Disclosure Code Execution
Drupal 7 arbitrary PHP code execution and information disclosure High
Common tags: Information Disclosure Code Execution
Apache Solr Log4Shell RCE High
Common tags: Information Disclosure Code Execution
Tiki Wiki CMS: Remote Code Execution via Calendar Module High
Common tags: Information Disclosure Code Execution
VMware vCenter Log4Shell RCE High
Common tags: Information Disclosure Code Execution

Severity

High

Classification

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Information Disclosure
Code Execution