Credits =============== Zhao Liang, Huawei Weiran Labs Vendor: =============== Tiki Product: ======================== Tiki Wiki CMS The Tiki Wiki CMS Groupware project (aka TikiWiki or Tiki) is an open source initiative that releases and maintains a powerful OpenSource Content Management System (CMS) and Groupware called Tiki. Vulnerability Type: ================================ Access Validation Error CVE Reference: ============== CVE-2016-10143 Vulnerability Details: ===================== This vulnerability allows remote users to read arbitrary files on a targeted system via a crafted pathname in the banner URL field of Tiki Wiki. Exploitation Technique: ======================= Remote Severity Level: =============== High Best Regards, Zhao Liang, Huawei Weiran Labs