FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tikiwiki -- multiple vulnerabilities

Affected packages
tikiwiki < 1.9.5

Details

VuXML ID e4c62abd-5065-11db-a5ae-00508d6a62df
Discovery 2006-08-21
Entry 2006-09-30

Secunia reports:

Thomas Pollet has discovered a vulnerability in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "highlight" parameter in tiki-searchindex.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

rgod has discovered a vulnerability in TikiWiki, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the "jhot.php" script not correctly verifying uploaded files. This can e.g. be exploited to execute arbitrary PHP code by uploading a malicious PHP script to the "img/wiki" directory.

References

Bugtraq ID 19654
Bugtraq ID 19819
CVE Name CVE-2006-4299
CVE Name CVE-2006-4602
URL http://secunia.com/advisories/21536/
URL http://secunia.com/advisories/21733/