CVE-2005-0200

TikiWiki < 1.8.5 - Unauthenticated Arbitrary PHP File Upload

Title source: llm
STIX 2.1

Description

TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386.

References (3)

Core 3
Core References
Patch vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200501-41.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/13948
Patch x_refsource_confirm
http://tikiwiki.org/art102

Scores

EPSS 0.0245
EPSS Percentile 82.5%

Details

CWE
CWE-20
Status published
Products (1)
tiki/tikiwiki_cms\/groupware < 1.6.1
Published May 02, 2005
Tracked Since Feb 18, 2026