In association with heise online

11 October 2007, 22:37

Critical vulnerability in TikiWiki wiki system


Users running the TikiWiki wiki system should keep an eye on their servers. An exploit has been published on Milw0rm which shows how PHP commands can be executed on a TikiWiki server by means of crafted URLs. Unauthenticated attackers could use this to compromise the server. The cause of the vulnerability is incorrect processing of parameters in the tiki-graph_formula.php module, causing the server to execute injected PHP functions.

The current version 1.9.8 and probably previous versions are affected. An update is not yet available. As a workaround, users should delete or rename this module until an update is released.
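To check whether the module has already been requested on a server, and whether the rename workaround is taking effect, the access log can be reviewed for hits on tiki-graph_formula.php. The following is an added example, not part of the original article or of TikiWiki; it assumes the Apache/nginx "combined" log format, and the sample log lines, IP addresses and `PLACEHOLDER` query strings are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

MODULE = "tiki-graph_formula.php"  # module named in the advisory

# Assumed "combined" access-log format; only the fields needed here are captured.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, placeholder query strings).
SAMPLE_LOG = """\
192.0.2.10 - - [11/Oct/2007:20:01:12 +0200] "GET /tiki/tiki-index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Oct/2007:20:03:44 +0200] "GET /tiki/tiki-graph_formula.php?PLACEHOLDER=1 HTTP/1.1" 200 312 "-" "-"
198.51.100.7 - - [11/Oct/2007:20:03:51 +0200] "GET /tiki/tiki-graph%5Fformula.php?PLACEHOLDER=2 HTTP/1.1" 200 298 "-" "-"
203.0.113.5 - - [12/Oct/2007:09:15:02 +0200] "GET /tiki/tiki-graph_formula.php?PLACEHOLDER=3 HTTP/1.1" 404 210 "-" "-"
"""

def find_module_requests(log_text, module=MODULE):
    """Return {client_ip: [(timestamp, status, served)]} for requests to the module."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        # Decode percent-escapes and compare case-insensitively so encoded
        # spellings (and case-insensitive file systems) are not missed.
        path = unquote(urlsplit(m["target"]).path).lower()
        if path.rsplit("/", 1)[-1] != module.lower():
            continue
        status = int(m["status"])
        # 2xx means the module was still present and ran; 404 is what the
        # delete/rename workaround should produce.
        served = 200 <= status < 300
        hits[m["ip"]].append((m["ts"], status, served))
    return dict(hits)

def needs_investigation(hits):
    """Client IPs with at least one request the server actually served."""
    return sorted(ip for ip, reqs in hits.items() if any(s for _, _, s in reqs))

if __name__ == "__main__":
    found = find_module_requests(SAMPLE_LOG)
    for ip, reqs in found.items():
        for ts, status, served in reqs:
            print(ip, ts, status, "SERVED" if served else "blocked")
    print("investigate:", needs_investigation(found))
```

Any request that was served before the module was removed warrants a closer look at that host; requests answered with 404 after the rename confirm the workaround is in place.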

