Tiki Wiki CMS 15.2 Arbitrary File Read

Published
Credit
Risk
2017.03.12
Zhao Liang
Medium
CWE
CVE
Local
Remote
CWE-200
CVE-2016-10143
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

Credits
===============
Zhao Liang, Huawei Weiran Labs


Vendor:
===============
Tiki


Product:
========================
Tiki Wiki CMS

The Tiki Wiki CMS Groupware project (aka TikiWiki or Tiki) is an open source initiative that releases and maintains a powerful OpenSource Content Management System (CMS) and Groupware called Tiki.


Vulnerability Type:
================================
Access Validation Error


CVE Reference:
==============
CVE-2016-10143


Vulnerability Details:
=====================
This vulnerability allows remote users to read arbitrary files on a targeted system via a crafted pathname in the banner URL field of Tiki Wiki.


Exploitation Technique:
=======================
Remote


Severity Level:
===============
High


Best Regards,
Zhao Liang, Huawei Weiran Labs


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com