[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVE-2016-10143: Vulnerability to read arbitrary files in "Tiki Wiki"

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: CVE-2016-10143: Vulnerability to read arbitrary files in "Tiki Wiki"
From: Leon.Zhao.7@xxxxxxxxx
Date: Fri, 10 Mar 2017 09:26:16 GMT

Credits
===============
Zhao Liang, Huawei Weiran Labs


Vendor:
===============
Tiki


Product:
========================
Tiki Wiki CMS

The Tiki Wiki CMS Groupware project (aka TikiWiki or Tiki) is an open source 
initiative that releases and maintains a powerful OpenSource Content Management 
System (CMS) and Groupware called Tiki.


Vulnerability Type:
================================
Access Validation Error


CVE Reference:
==============
CVE-2016-10143


Vulnerability Details:
=====================
This vulnerability allows remote users to read arbitrary files on a targeted 
system via a crafted pathname in the banner URL field of Tiki Wiki.


Exploitation Technique:
=======================
Remote


Severity Level:
===============
High


Best Regards,
Zhao Liang, Huawei Weiran Labs

Prev by Date: [SECURITY] [DSA 3805-1] firefox-esr security update
Next by Date: [security bulletin] HPESBHF03716 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Remote Authentication Bypass
Previous by thread: [SECURITY] [DSA 3805-1] firefox-esr security update
Next by thread: [security bulletin] HPESBHF03716 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Remote Authentication Bypass
Index(es):
- Date
- Thread