Signature Detail

Short Name	HTTP:PHP:TIKIWIKI-CMD-EXEC
Severity	Medium
Recommended	No
Category	HTTP
Keywords	TikiWiki Upload PHP Command Execution
Release Date	2005/07/26
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: TikiWiki Upload PHP Command Execution

This signature detects an attempt to exploit a known vulnerability against the TikiWiki CMS server application. A maliciously crafted file uploaded to the TikWiki CMS server application, can allow an attacker to execute arbitrary code within the context of the Web server's permissions.

Extended Description

Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.

Affected Products

TikiWiki Project TikiWiki 1.8.0
TikiWiki Project TikiWiki 1.8.1

References

BugTraq: 10100
CVE: CVE-2004-1928
URL: http://tikiwiki.org/tiki-read_article.php?articleId=66
URL: http://security.gentoo.org/glsa/glsa-200501-12.xml

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: TikiWiki Upload PHP Command Execution

Extended Description

Affected Products

References