11 October 2007, 22:37
Critical vulnerability in TikiWiki wiki system
Users running the TikiWiki wiki system should keep an eye on their servers. An exploit has been published on Milw0rm which shows how PHP commands can be executed on a TikiWiki server by means of crafted URLs. Unauthenticated attackers could use this to compromise the server. The cause of the vulnerability is incorrect processing of parameters in the tiki-graph_formula.php module, causing the server to execute injected PHP functions.
The current version 1.9.8 and probably previous versions are affected. An update is not yet available. As a workaround, users should delete or rename this module until an update is released.
(mba)
Print Version | Send by email
| Permalink: http://h-online.com/-733770
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
