HTTP: TikiWiki Upload PHP Command Execution
This signature detects an attempt to exploit a known vulnerability against the TikiWiki CMS server application. A maliciously crafted file uploaded to the TikWiki CMS server application, can allow an attacker to execute arbitrary code within the context of the Web server's permissions.
Extended Description
Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.
Affected Products
Tikiwiki_project tikiwiki
References
BugTraq: 10100
CVE: CVE-2004-1928
URL: http://tikiwiki.org/tiki-read_article.php?articleId=66 http://security.gentoo.org/glsa/glsa-200501-12.xml
Short Name
HTTP:PHP:TIKIWIKI-CMD-EXEC
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2004-1928 Command Execution PHP TikiWiki Upload bid:10100
Release Date
07/26/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Tikiwiki_project
CVSS Score
7.5