Tiki Wiki CMS Groupware Local File Include And Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

Tiki Wiki CMS Groupware is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks. The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie- based authentication credentials and launch other attacks. Tiki Wiki CMS Groupware 5.2 is vulnerable other versions may also be affected.

References

http://www.johnleitch.net/Vulnerabilities/Tiki.Wiki.CMS.Groupware.5.2.Local.File.Inclusion/46
http://www.johnleitch.net/Vulnerabilities/Tiki.Wiki.CMS.Groupware.5.2.Reflected.Cross-site.Scripting/44
http://www.tiki.org
https://www.securityfocus.com/bid/43507

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat Login Constraints Security Bypass Vulnerability
An Image Gallery Multiple Cross-Site Scripting Vulnerability
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
Apache Struts2/XWork Remote Command Execution Vulnerability
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability

Tiki Wiki CMS Groupware Local File Include and Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities