Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Tiki Wiki CMS: Remote Code Execution via Calendar Module - Vulnerability Database

Tiki Wiki CMS: Remote Code Execution via Calendar Module

Description

Unauthenticated users can execute arbitrary code do to a vulnerability in the Calendar module.

Remediation

Upgrade Tiki Wiki CMS to version 14.2, 12.5 LTS, 9.11 LTS, 6.15 or above (recommended). If that is not possible, disable the calendar feature, or at the very minimum make the calendar feature accessible only to trusted users.

References

Tiki Wiki Announcement (2016-01-24)

Related Vulnerabilities

Apache OFBiz Log4Shell RCE High
Common tags: Information Disclosure Code Execution
Drupal 7 arbitrary PHP code execution and information disclosure High
Common tags: Information Disclosure Code Execution
Apache Solr Log4Shell RCE High
Common tags: Information Disclosure Code Execution
Tiki Wiki CMS: Arbitrary Code Execution High
Common tags: Information Disclosure Code Execution
VMware vCenter Log4Shell RCE High
Common tags: Information Disclosure Code Execution

Severity

High

Classification

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Information Disclosure
Code Execution