FreeBSD : tikiwiki -- multiple vulnerabilities (e4c62abd-5065-11db-a5ae-00508d6a62df)
High Nessus Plugin ID 22490
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Secunia reports:
Thomas Pollet has discovered a vulnerability in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the 'highlight' parameter in tiki-searchindex.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
rgod has discovered a vulnerability in TikiWiki, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to the 'jhot.php' script not correctly verifying uploaded files. This can e.g. be exploited to execute arbitrary PHP code by uploading a malicious PHP script to the 'img/wiki' directory.
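An added example, not part of the Nessus plugin or of TikiWiki itself: a Python check that walks web-server access-log lines and flags requests to the two endpoints the advisory names, so an administrator can see whether either was probed before the package was updated. The script names (tiki-searchindex.php, jhot.php) and the 'highlight' parameter come from the advisory; the log lines, the /tiki/ prefix and the client addresses are constructed.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample access-log lines (combined format, not real traffic):
# a benign search, a markup probe against the 'highlight' parameter, and a
# POST to the jhot.php upload handler.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Sep/2006:10:01:02 +0000] "GET /tiki/tiki-searchindex.php?highlight=freebsd HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [20/Sep/2006:10:02:11 +0000] "GET /tiki/tiki-searchindex.php?highlight=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5200 "-" "Mozilla/5.0"
10.0.0.9 - - [20/Sep/2006:10:03:45 +0000] "POST /tiki/jhot.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
"""

# Request line inside a combined-format log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Characters a plain search term never needs, but which are required to break
# into HTML or script context once the value is reflected without encoding.
MARKUP_RE = re.compile(r'[<>"\']|javascript:', re.IGNORECASE)


def find_suspicious(log_text):
    """Return one finding per log line that touches either advisory endpoint."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        method, target = m.group("method"), m.group("target")
        parts = urlsplit(target)
        client = line.split(" ", 1)[0]
        if parts.path.endswith("/tiki-searchindex.php"):
            # parse_qs decodes one layer of %XX; the extra unquote_plus also
            # catches double-encoded probes and leaves benign terms unchanged.
            for value in parse_qs(parts.query, keep_blank_values=True).get("highlight", []):
                if MARKUP_RE.search(unquote_plus(value)):
                    findings.append({"line": lineno, "client": client,
                                     "reason": "markup in 'highlight' parameter of tiki-searchindex.php"})
                    break
        elif parts.path.endswith("/jhot.php") and method == "POST":
            # The access log does not carry the multipart body, so every upload
            # to jhot.php is surfaced; confirm against img/wiki on the server.
            findings.append({"line": lineno, "client": client,
                             "reason": "file upload POST to jhot.php"})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f"line {f['line']} from {f['client']}: {f['reason']}")
```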
Solution
Update the affected package.