Published: 12/07/2012 Updated: 21/01/2024

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

TikiWiki CMS/Groupware prior to 6.7 LTS and prior to 8.4 allows remote malicious users to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tiki tikiwiki cms\\/groupware

Tiki Wiki CMS Groupware versions 83 and below suffer from an unserialize() PHP code execution vulnerability ...

<?php /* ----------------------------------------------------------------- Tiki Wiki CMS Groupware <= 83 "unserialize()" PHP Code Execution ----------------------------------------------------------------- author: Egidio Romano aka EgiX mail: n0b0d13s[at]gmail[dot]com software link: htt ...

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit ...

CWE-502 http://dev.tiki.org/item4109 http://info.tiki.org/article191-Tiki-Releases-8-4 http://osvdb.org/83534 http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS http://www.securityfocus.com/bid/54298 http://www.exploit-db.com/exploits/19573 http://www.exploit-db.com/exploits/19630 https://exchange.xforce.ibmcloud.com/vulnerabilities/76758 https://nvd.nist.gov https://packetstormsecurity.com/files/114479/Tiki-Wiki-CMS-Groupware-8.3-Code-Execution.html https://www.exploit-db.com/exploits/19573/

CVE-2012-0911

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect