GLSA-200507-06 : TikiWiki: Arbitrary command execution through XML-RPC
High Nessus Plugin ID 18647
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200507-06 (TikiWiki: Arbitrary command execution through XML-RPC)
TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01.
A remote attacker could exploit this vulnerability to execute arbitrary PHP code by sending specially crafted XML data.
There is no known workaround at this time.
Solution
All TikiWiki users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/tikiwiki-1.8.5-r1'