| VID |
21507 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
TikiWiki version 1.8.1 or older is running on the host. Tiki CMS/Groupware (aka TikiWiki) is a freely available Content Management System (CMS) and Groupware written in PHP. TikiWiki versions 1.8.1 and earlier are affected by multiple vulnerabilities. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.
* Note: This check relies solely on the version number of the TikiWiki installation on the remote Web server to assess this vulnerability, so the result might be a false positive.
* References: http://archives.neohapsis.com/archives/bugtraq/2004-04/0137.html, http://tikiwiki.org/tiki-read_article.php?articleId=66
* Platforms Affected: Open-Source, TikiWiki versions 1.8.1 and earlier; Any operating system, any version |
| Recommendation |
Upgrade to the latest version of TikiWiki (1.8.2 or later), available from the TikiWiki Download Web site at http://tikiwiki.org/Download |
| Related URL |
CVE-2004-1923,CVE-2004-1924,CVE-2004-1925,CVE-2004-1926,CVE-2004-1927 (CVE) |
| Related URL |
10100 (SecurityFocus) |
| Related URL |
15845,15846,15847,15848,15849 (ISS) |
|