TikiWiki Unauthorized Page Access

Medium severity, Nessus Plugin ID 14359

Synopsis

The remote host has a PHP script that could allow unauthorized access to certain restricted pages.

Description

The remote host is running TikiWiki, a content management system written in PHP.

The remote version of this software is affected by a flaw that could allow an attacker to bypass the permissions set on individual Wiki pages.

An attacker could exploit this flaw to deface the remote web server or gain access to pages where access should be denied.

Solution

Upgrade to TikiWiki 1.8.4.

Plugin Details

Severity: Medium

ID: 14359

File Name: tikiwiki_unauthorized_access.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 8/23/2004

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:tikiwiki:tikiwiki

Required KB Items: www/PHP, www/tikiwiki

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 10972