VULHUB ™

TikiWiki is prone to a security vulnerability that will allow remote users to upload files with arbitrary file extensions to the computer hosting the software. This vulnerability could allow an attacker to upload a malicious PHP script to the server and cause it to be executed. Scripts in other languages could also be executed in this manner if the Web server has a script handler configured for the file extension. Successful exploitation will result in execution of arbitrary code in the context of the Web server. It is reported that the attacker must have sufficient privileges to upload images to the Wiki to exploit the issue.

TikiWiki is prone to a security vulnerability that will allow remote users to upload files with arbitrary file extensions to the computer hosting the software. This vulnerability could allow an attacker to upload a malicious PHP script to the server and cause it to be executed. Scripts in other languages could also be executed in this manner if the Web server has a script handler configured for the file extension. Successful exploitation will result in execution of arbitrary code in the context of the Web server. It is reported that the attacker must have sufficient privileges to upload images to the Wiki to exploit the issue.