We have found that the following lines of code from Tiki CMSGroupware are vulnerable to script injection. We have listed them below. If you'd like more detailed information, please feel welcome to e-mail me. More importantly, if you intend to patch this vulnerability in the future, please also reply and let me know. Thanks a

Yao-Wen (Wayne) Huang
Research assistant, Institute of Information Science, Academia Sinica, Taiwan
Ph.D. candidate, Department of Electrical Engineering, National Taiwan University
Line: 28, variable: $filename
$filename = "backups/$tikidomain".$_REQUEST
Since $filename came directly from HTTP requests, it cannot be used directly as a parameter to call unlink(). Therefore the code is vulnerable, and allows an attacker to execute unlink() with arbitrary parameters.
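As an added illustration (not Tiki's code), the unsafe pattern the report describes sits beside a hardened variant that allow-lists the requested name and confines the resolved path to the backups directory; the $backupDir parameter, the request key 'file' and the temporary-directory demonstration are assumptions.

```php
<?php
// Added example (not Tiki's code): the unsafe pattern the report describes
// beside a hardened variant. $backupDir and the 'file' key are assumed.

// UNSAFE: the request value goes straight into the path, so the caller,
// not the application, decides which file unlink() receives.
function deleteBackupUnsafe(string $backupDir, array $request): bool
{
    return @unlink($backupDir . '/' . $request['file']);
}

// HARDENED: allow-list the name, then resolve and confine the path.
function safeBackupPath(string $backupDir, string $requested): ?string
{
    // Letters, digits, dot, dash, underscore only: no path separators.
    if (!preg_match('/\A[A-Za-z0-9._-]{1,128}\z/', $requested)) {
        return null;
    }
    if (trim($requested, '.') === '') {   // rejects "." and ".."
        return null;
    }
    $base = realpath($backupDir);
    $resolved = $base === false ? false : realpath($base . DIRECTORY_SEPARATOR . $requested);
    // Must resolve to an existing regular file directly inside $base,
    // which also defeats symlinks planted in the backups directory.
    if ($resolved === false || !is_file($resolved) || dirname($resolved) !== $base) {
        return null;
    }
    return $resolved;
}

function deleteBackupSafe(string $backupDir, string $requested): bool
{
    $path = safeBackupPath($backupDir, $requested);
    if ($path === null) {
        // Log and refuse; a rejected name is worth a detection record.
        error_log('rejected backup delete: ' . var_export($requested, true));
        return false;
    }
    return unlink($path);
}

// Constructed demonstration in a temporary directory.
$dir = sys_get_temp_dir() . '/backups-demo';
@mkdir($dir, 0700);
file_put_contents("$dir/site-2004.tar.gz", 'x');
var_dump(deleteBackupSafe($dir, 'site-2004.tar.gz'));       // plain name: accepted
var_dump(deleteBackupSafe($dir, 'other/site-2004.tar.gz')); // contains a separator: refused
```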