TikiWiki file upload vulnerability (jhot.php)

Added: 09/08/2006
CVE: CVE-2006-4602
BID: 19819
OSVDB: 28456

Background

TikiWiki is a multi-purpose web content management system written in PHP.

Problem

The jhot.php script allows remote attackers to upload arbitrary PHP commands into the img/wiki directory. The commands can then be executed by requesting the uploaded PHP file from a web browser.

Resolution

Upgrade to TikiWiki 1.9.5 or higher.

References

http://secunia.com/advisories/21733

Back to exploit index