CVE-2007-5684

Tikiwiki Cms/groupware < 1.9.8.1 - Path Traversal

Title source: rule

Description

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language parameter to tiki-imexport_languages.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by L4teral · textwebappsphp

https://www.exploit-db.com/exploits/4568

View Code ZIP pw:eip

References (2)

Core 2

Core References

Various Sources x_refsource_confirm

http://info.tikiwiki.org/tiki-read_article.php?articleId=15

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/482801/30/0/threaded

Scores

EPSS 0.0193

EPSS Percentile 83.5%

Details

CWE

CWE-22

Status published

Products (11)

tiki/tikiwiki_cms\/groupware 1.6.1

tiki/tikiwiki_cms\/groupware 1.9.0 (4 CPE variants)

tiki/tikiwiki_cms\/groupware 1.9.1

tiki/tikiwiki_cms\/groupware 1.9.2

tiki/tikiwiki_cms\/groupware 1.9.3

tiki/tikiwiki_cms\/groupware 1.9.4

tiki/tikiwiki_cms\/groupware 1.9.5

tiki/tikiwiki_cms\/groupware 1.9.6

tiki/tikiwiki_cms\/groupware 1.9.7

tiki/tikiwiki_cms\/groupware 1.9.8

... and 1 more

Published Oct 26, 2007

Tracked Since Feb 18, 2026