GLSA-200801-10 : TikiWiki: Multiple vulnerabilities

Critical Nessus Plugin ID 30089


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-200801-10 (TikiWiki: Multiple vulnerabilities)

Jesus Olmos Gonzalez from isecauditors reported insufficient sanitization of the 'movies' parameter in file tiki-listmovies.php (CVE-2007-6528).
Mesut Timur from H-Labs discovered that the input passed to the 'area_name' parameter in file tiki-special_chars.php is not properly sanitised before being returned to the user (CVE-2007-6526).
redflo reported multiple unspecified vulnerabilities in files tiki-edit_css.php, tiki-list_games.php, and tiki-g-admin_shared_source.php (CVE-2007-6529).

Impact :

A remote attacker can craft the 'movies' parameter to run a directory traversal attack through a '..' sequence and read the first 1000 bytes of an arbitrary file, or conduct a cross-site scripting (XSS) attack through the 'area_name' parameter. The XSS attack can be exploited to execute arbitrary HTML and script code in a user's browser session, allowing for the theft of browser session data or cookies in the context of the affected website. The impacts of the unspecified vulnerabilities are still unknown.

Workaround :

There is no known workaround at this time.


All TikiWiki users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/tikiwiki-1.9.9'

Plugin Details

Severity: Critical

ID: 30089

File Name: gentoo_GLSA-200801-10.nasl

Version: $Revision: 1.13 $

Type: local

Published: 2008/01/27

Modified: 2016/11/11

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:tikiwiki, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 2008/01/23

Reference Information

CVE: CVE-2007-6526, CVE-2007-6528, CVE-2007-6529

OSVDB: 41175, 41176, 41177, 41178, 41179

GLSA: 200801-10

CWE: 22, 79