
Gentoo: GLSA-200606-29 Normal: Tikiwiki SQL Injection and XSS Threats

June 29, 2006
An SQL injection vulnerability and multiple XSS vulnerabilities have been discovered.

Summary

Gentoo Linux Security Advisory GLSA 200606-29
https://security.gentoo.org/

Severity: Normal
Title: Tikiwiki: SQL injection and multiple XSS vulnerabilities
Date: June 29, 2006
Bugs: #136723, #134483
ID: 200606-29

Synopsis
========

An SQL injection vulnerability and multiple XSS vulnerabilities have been discovered.

Background
==========

Tikiwiki is a web-based groupware and content management system (CMS), using PHP, ADOdb and Smarty.

Affected packages
=================

-------------------------------------------------------------------
 Package            /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
 1  www-apps/tikiwiki     < 1.9.4       >= 1.9.4

Description
===========

Tikiwiki fails to properly sanitize user input before processing it, including in SQL statements.

Impact
======

An attacker could ex...
