CVE-2005-0200
TikiWiki < 1.8.5 - Unauthenticated Arbitrary PHP File Upload
Title source: llmDescription
TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386.
References (3)
Core 3
Core References
Patch vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200501-41.xml
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/13948
Patch x_refsource_confirm
http://tikiwiki.org/art102
Scores
EPSS
0.0245
EPSS Percentile
82.5%
Details
CWE
CWE-20
Status
published
Products (1)
tiki/tikiwiki_cms\/groupware
< 1.6.1
Published
May 02, 2005
Tracked Since
Feb 18, 2026