Summary
The host is running TikiWiki and is prone to an input sanitization vulnerability.
Impact
Successful exploitation could allow arbitrary code execution in the context of an affected site.
Impact Level: Application
Solution
Upgrade to version 2.2 or the latest version:
http://info.tikiwiki.org/tiki-index.php?page=Get+Tiki&bl
Insight
The vulnerability is due to an input validation error in tiki-error.php, which fails to sanitise input before it is returned to the user.
Affected
TikiWiki CMS/Groupware versions prior to 2.2 on all platforms
References
Severity
Classification
CVE: CVE-2008-5318, CVE-2008-5319
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N