FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-4602

This CVE name corresponds to:

Entered Topic
2006-09-30 tikiwiki -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-4602
Phase Assigned(20060906)

Description

Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.

References

Source Reference
MILW0RM 2288
MISC http://isc.sans.org/diary.php?storyid=1672
CONFIRM http://tikiwiki.org/tiki-read_article.php?articleId=136
GENTOO GLSA-200609-16
BID 19819
VUPEN ADV-2006-3450
OSVDB 28456
SECUNIA 21733
SECUNIA 22100