CVE-2016-10143: Vulnerability to read arbitrary files in "Tiki Wiki"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Credits
===============
Zhao Liang, Huawei Weiran Labs


Vendor:
===============
Tiki


Product:
========================
Tiki Wiki CMS

The Tiki Wiki CMS Groupware project (aka TikiWiki or Tiki) is an open source initiative that releases and maintains a powerful OpenSource Content Management System (CMS) and Groupware called Tiki.


Vulnerability Type:
================================
Access Validation Error


CVE Reference:
==============
CVE-2016-10143


Vulnerability Details:
=====================
This vulnerability allows remote users to read arbitrary files on a targeted system via a crafted pathname in the banner URL field of Tiki Wiki.


Exploitation Technique:
=======================
Remote


Severity Level:
===============
High


Best Regards,
Zhao Liang, Huawei Weiran Labs



[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux