TikiWiki image file command execution
| tikiwiki-image-command-execution (18691) |  High Risk |
Description:
Tiki CMS/Groupware (TikiWiki) could allow a remote authenticated attacker to execute arbitrary commands, caused by a vulnerability when uploading image files. A remote authenticated attacker, with upload privileges, could initiate the edit page and upload a malicious PHP script to the 'img/wiki_up' directory to execute code on the Web server.
Consequences:
Gain Privileges
Remedy:
Upgrade to the appropriate fixed version, available from the Tiki Project Web page. See References.
For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2005-01-12 for patch, upgrade, or suggested workaround information. See References.
References:
- CIAC Information Bulletin P-084: TikiWiki Vulnerability.
- Tiki Project Web page: Project: Tiki CMS/Groupware: File List.
- TikiWiki Web page: Project: Tiki CMS/Groupware: Summary.
- BID-12110: TikiWiki Unauthorized File Upload Vulnerability
- CVE-2004-1386: TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200.
- GLSA-200501-12: TikiWiki: Arbitrary command execution
- OSVDB ID: 12628: TikiWiki Picture Feature Arbitrary Command Execution
- SECTRACK ID: 1012700: TikiWiki Pictures Feature Lets Remote Users Execute Arbitrary Commands
Platforms Affected:
- Gentoo Linux
- TikiWiki TikiWiki 1.7.9
- TikiWiki TikiWiki 1.8.5
- TikiWiki TikiWiki 1.9dr4
Reported:
Dec 24, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net