Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2012-0911
Last Modified: 24 Oct 2012 12:00:00
Published: 12 Jul 2012 03:55:03
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-0911

Summary

TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.

Vulnerable Systems

Application

  • Tikiwiki 0.9

  • Tikiwiki 0.95

  • Tikiwiki 1.0

  • Tikiwiki 1.1

  • Tikiwiki 1.2

  • Tikiwiki 1.3

  • Tikiwiki 1.4

  • Tikiwiki 1.4.1

  • Tikiwiki 1.4.2

  • Tikiwiki 1.5

  • Tikiwiki 1.6

  • Tikiwiki 1.6.1

  • Tikiwiki 1.7

  • Tikiwiki 1.7.1

  • Tikiwiki 1.7.1.1

  • Tikiwiki 1.8

  • Tikiwiki 1.8.1

  • Tikiwiki 1.8.2

  • Tikiwiki 1.8.3

  • Tikiwiki 1.8.4

  • Tikiwiki 1.8.5

  • Tikiwiki 1.8.6

  • Tikiwiki 1.9

  • Tikiwiki 1.9 Rc1

  • Tikiwiki 1.9 Rc2

  • Tikiwiki 1.9 Rc3

  • Tikiwiki 1.9 Rc3.1

  • Tikiwiki 1.9.1

  • Tikiwiki 1.9.1.1

  • Tikiwiki 1.9.10

  • Tikiwiki 1.9.10.1

  • Tikiwiki 1.9.11

  • Tikiwiki 1.9.2

  • Tikiwiki 1.9.3

  • Tikiwiki 1.9.3.1

  • Tikiwiki 1.9.3.2

  • Tikiwiki 1.9.4

  • Tikiwiki 1.9.5

  • Tikiwiki 1.9.6

  • Tikiwiki 1.9.7

  • Tikiwiki 1.9.8

  • Tikiwiki 1.9.8.1

  • Tikiwiki 1.9.8.2

  • Tikiwiki 1.9.8.3

  • Tikiwiki 1.9.9

  • Tikiwiki 2.0

  • Tikiwiki 2.1

  • Tikiwiki 4.0

  • Tikiwiki 4.1

  • Tikiwiki 4.2

  • Tikiwiki 5.0

  • Tikiwiki 5.1

  • Tikiwiki 5.2

  • Tikiwiki 5.3

  • Tikiwiki 5.4

  • Tikiwiki 6.0

  • Tikiwiki 6.1

  • Tikiwiki 6.2

  • Tikiwiki 6.3

  • Tikiwiki 6.4

  • Tikiwiki 6.5

  • Tikiwiki 6.6

  • Tikiwiki 6.7

  • Tikiwiki 7.0

  • Tikiwiki 7.1

  • Tikiwiki 7.2

  • Tikiwiki 8.0

  • Tikiwiki 8.1

  • Tikiwiki 8.2

  • Tikiwiki 8.3

  • Tikiwiki Cms/groupware 2.2

  • Tikiwiki Cms/groupware 3.0

  • Tikiwiki Cms/groupware 3.1

  • Tikiwiki Cms/groupware 3.2

  • Tikiwiki Cms/groupware 3.3

  • Tikiwiki Cms/groupware 3.4

  • Tikiwiki Cms/groupware 3.5

  • Tikiwiki Cms/groupware 4.0

  • Tikiwiki Cms/groupware 4.1

  • Tikiwiki Cms/groupware 4.2

  • Tikiwiki Cms/groupware 5.0

  • Tikiwiki Cms/groupware 5.1

  • Tikiwiki Cms/groupware 5.2

  • Tikiwiki Cms/groupware 5.3

  • Tikiwiki Cms/groupware 6.0

  • Tikiwiki Cms/groupware 6.1

  • Tikiwiki Cms/groupware 6.2

  • Tikiwiki Cms/groupware 6.3

  • Tikiwiki Cms/groupware 6.5

  • Tikiwiki Cms/groupware 7.0

  • Tikiwiki Cms/groupware 7.1

  • Tikiwiki Cms/groupware 7.2

  • Tikiwiki Cms/groupware 8.0

  • Tikiwiki Cms/groupware 8.1

  • Tikiwiki Cms/groupware 8.2

  • Tikiwiki Cms/groupware 8.3


References

CONFIRM - http://info.tiki.org/article191-Tiki-Releases-8-4

CONFIRM - http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS

CONFIRM - http://dev.tiki.org/item4109

XF - tikiwiki-unserialize-code-exec(76758)

BID - 54298

EXPLOIT-DB - 19630

EXPLOIT-DB - 19573

OSVDB - 83534

BUGTRAQ - 20120704 [CVE-2012-0911] Tiki Wiki CMS Groupware <= 8.3

BUGTRAQ - 20120704 [CVE-2012-0911] Tiki Wiki CMS Groupware <= 8.3 "unserialize()" PHP Code Execution


Last Updated: 27 May 2016 11:01:14