|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
TikiWiki Sql injection & XSS Vulnerabilities
bug
securitynews.ir
Date: Tue Jun 13 2006 - 15:23:37 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------
[#] Security Advisory
[^] http://securitynews.ir/
[>] Advisory Title: TikiWiki Sql injection & XSS Vulnerabilities
[] Author : bug [] securitynews.ir
[$] Product Vendor : http://tikiwiki.org/
[.] Affected Versions : 1.9.3.2 (and maybe before)
[/] Release Date : 06/13/2006
----------------------------------------------------------------
[*] Overview :
Tikiwiki is a very powerful multilingual Wiki/CMS/Groupware, but
it has some security bugs too .
One sql injection and several cross-site scripting bugs have
been found in tikiwiki 1.9.3.2 (and tested in 1.9.3.1) .
[*] Details :
No exploitable detail is going to be released .
[*] Solution :
Vendor contacted on 06/09/2006 and they have been released a new
version (tikiwiki 1.9.4) :
http://sourceforge.net/project/showfiles.php?group_id=64258
------------------------------
http://securitynews.ir/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]