CVE-2016-10143: Vulnerability to read arbitrary files in "Tiki Wiki"

From: Leon.Zhao.7@gmail.com
To: bugtraq@securityfocus.com
Cc:
Subject: CVE-2016-10143: Vulnerability to read arbitrary files in "Tiki Wiki"
Date: Fri, 10 March 2017 09:26 GMT


Credits
===============
Zhao Liang, Huawei Weiran Labs


Vendor:
===============
Tiki


Product:
========================
Tiki Wiki CMS

The Tiki Wiki CMS Groupware project (aka TikiWiki or Tiki) is an open source initiative that releases and maintains a powerful OpenSource Content Management System (CMS) and Groupware called Tiki.


Vulnerability Type:
================================
Access Validation Error


CVE Reference:
==============
CVE-2016-10143


Vulnerability Details:
=====================
This vulnerability allows remote users to read arbitrary files on a targeted system via a crafted pathname in the banner URL field of Tiki Wiki.


Exploitation Technique:
=======================
Remote


Severity Level:
===============
High


Best Regards,
Zhao Liang, Huawei Weiran Labs
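
Added example (not part of the original advisory and not Tiki's own code): one way to validate a banner URL field so that a local pathname or stream wrapper is never accepted. It assumes the submitted value is later opened by the server. The function names, the base-directory parameter and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not Tiki code. Function names and sample inputs are
// hypothetical and constructed for illustration.

/**
 * Accept a banner URL only if it is an absolute http(s) URL with a host.
 * Local pathnames, file:// and other stream wrappers are rejected.
 */
function banner_url_is_remote_http($value)
{
    if (!is_string($value) || $value === '') {
        return false;
    }
    // Reject NUL and other control characters outright.
    if (preg_match('/[\x00-\x1f\x7f]/', $value)) {
        return false;
    }
    $parts = parse_url($value);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), array('http', 'https'), true);
}

/**
 * For deployments that do allow local banner files: resolve the path and
 * require it to stay inside $baseDir (an assumed upload directory).
 */
function banner_path_is_inside($value, $baseDir)
{
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $value);
    if ($base === false || $real === false) {
        return false;
    }
    // Compare against the base plus a separator so a sibling directory
    // with the same prefix does not pass.
    return strpos($real, $base . DIRECTORY_SEPARATOR) === 0;
}

// Constructed sample inputs: one legitimate URL, then pathname variants.
$samples = array(
    'https://example.org/img/banner.png',
    '/etc/passwd',
    '../../../etc/passwd',
    'file:///etc/passwd',
    'php://filter/resource=index.php',
);
foreach ($samples as $s) {
    printf("%-40s %s\n", $s, banner_url_is_remote_http($s) ? 'accept' : 'reject');
}
```

Only the first sample is accepted; the bare paths have no scheme or host, and the file:// and php:// values fail the scheme allowlist.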




