Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language parameter to tiki-imexport_languages.php.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-10-26T18:00:00
Updated: 2007-12-21T10:00:00
Reserved: 2007-10-26T00:00:00
Link: CVE-2007-5684
JSON object: View
NVD Information
Status : Analyzed
Published: 2007-10-26T18:46:00.000
Modified: 2012-10-24T04:00:00.000
Link: CVE-2007-5684
JSON object: View
Redhat Information
No data.
CWE