Summary
This host is running TikiWiki and is prone to remote command execution vulnerability.
Impact
Successful exploitation will let the attacker execute arbitrary system commands with the privileges of the webserver process.
Impact Level: System/Application
Solution
Upgrade to TikiWiki version 1.9.5 or later
For updates refer to http://info.tiki.org/Download
Insight
The flaw is due to 'jhot.php' script not correctly verifying uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script to the 'img/wiki' directory.
Affected
TikiWiki version 1.9.4 and prior
References
Severity
Classification
-
CVE CVE-2006-4602 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities