In association with heise online

29 October 2007, 14:39

TikiWiki resolves vulnerability properly

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A critical hole in Wiki system TikiWiki was supposed to have been closed by version However, Stefan Esser found more ways of compromising servers by deploying PHP commands in specially crafted URLs via tiki-graph_formula.php. Updated version is now available and should resolve the vulnerability correctly.

For a short while, developers made version available for download which, apart from the tiki-graph_formula.php issue, also resolved further previously unknown, unidentified vulnerabilities. However, after the update had been installed users could no longer display gallery images. This problem has been fixed in version

Since the new TikiWiki version closes critical holes, administrators are advised to upgrade as soon as possible. For older versions, the developers have provided patches resolving the issue on the project's Sourceforge pages.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit