Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and previous versions allows remote malicious users to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tiki tikiwiki cms\\/groupware 1.9.4 |