
Gentoo: GLSA-200609-16 High: Tikiwiki Remote Command Execution

September 26, 2006
Tikiwiki has critical security flaws such as unauthorized command execution and exposure to XSS attacks. Immediate upgrade is advised.
Tikiwiki contains a cross-site scripting (XSS) vulnerability as well as a second vulnerability which may allow remote execution of arbitrary code.

Summary

Gentoo Linux Security Advisory GLSA 200609-16
https://security.gentoo.org/

Severity: High
Title: Tikiwiki: Arbitrary command execution
Date: September 26, 2006
Bugs: #145714
ID: 200609-16

Synopsis
========

Tikiwiki contains a cross-site scripting (XSS) vulnerability as well as a second vulnerability which may allow remote execution of arbitrary code.

Background
==========

Tikiwiki is a web-based groupware and content management system, developed with PHP, ADOdb and Smarty.

Affected packages
=================

-------------------------------------------------------------------
     Package             /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  www-apps/tikiwiki      < 1.9.5        >= 1.9.5

Description
===========

A vulnerability in jhot.php allows for an unrestricted file upload to the img/wiki/ director...
