Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1386

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-1386
Last Modified 24 Oct 2012 12:00:00
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1386

Summary

TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200.

Vulnerable Systems

Application

  • Tikiwiki Cms%2fgroupware 1.6.1

  • Tikiwiki Project Tikiwiki 1.7.1.1

  • Tikiwiki Project Tikiwiki 1.7.2

  • Tikiwiki Project Tikiwiki 1.7.3

  • Tikiwiki Project Tikiwiki 1.7.4

  • Tikiwiki Project Tikiwiki 1.7.5

  • Tikiwiki Project Tikiwiki 1.7.6

  • Tikiwiki Project Tikiwiki 1.7.7

  • Tikiwiki Project Tikiwiki 1.7.8

  • Tikiwiki Project Tikiwiki 1.8

  • Tikiwiki Project Tikiwiki 1.8.1

  • Tikiwiki Project Tikiwiki 1.8.2

  • Tikiwiki Project Tikiwiki 1.8.3

  • Tikiwiki Project Tikiwiki 1.8.4


References

BID - 12110

GENTOO - GLSA-200501-12

CONFIRM - http://tikiwiki.org/tiki-read_article.php?articleId=97

XF - tikiwiki-image-command-execution(18691)

CIAC - P-084

OSVDB - 12628

SECTRACK - 1012700


Last Updated: 27 May 2016 11:01:15