Tiki Wiki CMS Groupware ‘unserialize()’ PHP Code Execution Vulnerability

Summary

Tiki Wiki CMS Groupware is prone to a remote PHP code-execution vulnerability.

Credit:

The information has been provided by Egidio Romano.


Details

Vulnerable Systems:
 * Tiki Wiki CMS Groupware Tiki Wiki CMS Groupware 8.2 and prior

An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

Disclosure Timeline:
Published: October 26 2012

Categories: News