BugTraq
CVE-2016-10143: Vulnerability to read arbitrary files in "Tiki Wiki"
Mar 10 2017 09:26AM
Leon Zhao 7 gmail com

Credits
===============
Zhao Liang, Huawei Weiran Labs

Vendor:
===============
Tiki

Product:
========================
Tiki Wiki CMS

The Tiki Wiki CMS Groupware project (aka TikiWiki or Tiki) is an open source initiative that releases and maintains a powerful open source Content Management System (CMS) and Groupware called Tiki.

Vulnerability Type:
================================
Access Validation Error

CVE Reference:
==============
CVE-2016-10143

Vulnerability Details:
=====================
This vulnerability allows remote users to read arbitrary files on a targeted system via a crafted pathname in the banner URL field of Tiki Wiki.

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Best Regards,
Zhao Liang, Huawei Weiran Labs
