TikiWiki unserialize() Function Arbitrary Code Execution

high Nessus Plugin ID 61733


The remote web server hosts an application that allows arbitrary code execution.


The version of the TikiWiki installed on the remote host contains a flaw that could allow a remote attacker to execute arbitrary code. The 'unserialize()' function is not properly sanitized before being used in the 'lib/banners/bannerlib.php', 'tiki-print_multi_pages.php', 'tiki-send_objects.php' and 'tiki-print_pages.php' scripts.

Successful exploitation of the vulnerability requires that the 'multiprint' feature is enabled, the PHP setting 'display_errors' must be set to 'On', and a PHP version older than 5.3.4 must be in use to allow poison NULL bytes in filesystem-related functions.


Upgrade to version 8.4 or later.

See Also



Plugin Details

Severity: High

ID: 61733

File Name: tikiwiki_unserialize_code_execution.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 8/30/2012

Updated: 4/11/2022

Configuration: Enable thorough checks

Risk Information


Risk Factor: High

Score: 7.4


Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P


Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:tikiwiki:tikiwiki

Required KB Items: www/PHP, www/tikiwiki

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 5/1/2012

Vulnerability Publication Date: 8/4/2012

Exploitable With

Metasploit (Tiki Wiki unserialize() PHP Code Execution)

Elliot (Tiki Wiki CMS Groupware 8.3 RCE)

Reference Information

CVE: CVE-2012-0911

BID: 54298