Summary
This host is running TikiWiki and is prone to a remote command execution vulnerability.
Impact
Successful exploitation lets an attacker execute arbitrary system commands with the privileges of the web server process.
Impact Level: System/Application
Solution
Upgrade to TikiWiki version 1.9.5 or later.
For updates, refer to http://info.tiki.org/Download
Insight
The flaw is due to the 'jhot.php' script not correctly verifying uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script to the 'img/wiki' directory.
Affected
TikiWiki version 1.9.4 and prior
References
Severity
Classification
CVE: CVE-2006-4602
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P