Home / exploits Tiki Wiki CMS 15.2 Arbitrary File Read
Posted on 30 November -0001
<HTML><HEAD><TITLE>Tiki Wiki CMS 15.2 Arbitrary File Read</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>Credits =============== Zhao Liang, Huawei Weiran Labs Vendor: =============== Tiki Product: ======================== Tiki Wiki CMS The Tiki Wiki CMS Groupware project (aka TikiWiki or Tiki) is an open source initiative that releases and maintains a powerful OpenSource Content Management System (CMS) and Groupware called Tiki. Vulnerability Type: ================================ Access Validation Error CVE Reference: ============== CVE-2016-10143 Vulnerability Details: ===================== This vulnerability allows remote users to read arbitrary files on a targeted system via a crafted pathname in the banner URL field of Tiki Wiki. Exploitation Technique: ======================= Remote Severity Level: =============== High Best Regards, Zhao Liang, Huawei Weiran Labs </BODY></HTML>