Update closes TikiWiki holes
An update has been released for TikiWiki to remedy a recently publicised critical vulnerability. The flaw can be exploited to execute arbitrary PHP commands on the server by means of specially crafted URLs. All versions from release 1.9.1 on are affected. The update, release 1.9.8.1, can be downloaded from the project's website. The update only changes files; it does not update the database. Users can also exchange the file concerned directly: a link to the new file is provided at the Tiki home page. Users of version 1.10 should update their system via CVS.
(mba)