Detections
Analytics
TikiWiki < 1.8.2 Multiple Input Validation Vulnerabilities
high Nessus Plugin ID 14364
Language:
Synopsis
The remote web server contains a PHP application that suffers from multiple issues.Description
The remote host is running TikiWiki, a content management system written in PHP.The remote version of this software has multiple vulnerabilities that have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.
Solution
Upgrade to TikiWiki 1.8.2 or newer.See Also
http://www.nessus.org/u?9f6bfebe
Plugin Details
Severity: High
ID: 14364
File Name: tikiwiki_multiple_input_flaws.nasl
Version: 1.27
Type: remote
Family: CGI abuses
Published: 8/24/2004
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:tikiwiki:tikiwiki
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Vulnerability Publication Date: 4/11/2004
Reference Information
CVE: CVE-2004-1923, CVE-2004-1924, CVE-2004-1925, CVE-2004-1926, CVE-2004-1927, CVE-2004-1928
BID: 10100