CVE-2012-0911

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-0911. PoCs published by Metasploit, EgiX, EgiX, juan vazquez, including Metasploit module exploits/unix/webapp/tikiwiki_unserialize_exec.

AI-analyzed exploit summary This Metasploit module exploits a PHP unserialize() vulnerability in Tiki Wiki <= 8.3 to achieve remote code execution by leveraging the __destruct() method of the Zend_Pdf_ElementFactory_Proxy class to write arbitrary PHP code to a file on the web server.

Description

TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsphp

https://www.exploit-db.com/exploits/19630

View Code ZIP pw:eip

This Metasploit module exploits a PHP unserialize() vulnerability in Tiki Wiki <= 8.3 to achieve remote code execution by leveraging the __destruct() method of the Zend_Pdf_ElementFactory_Proxy class to write arbitrary PHP code to a file on the web server.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Tiki Wiki <= 8.3

No auth needed

Prerequisites: display_errors PHP setting must be On · Tiki Wiki Multiprint feature must be enabled · PHP version older than 5.3.4

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by EgiX · phpwebappsphp

https://www.exploit-db.com/exploits/19573

View Code ZIP pw:eip

This exploit leverages a PHP deserialization vulnerability in Tiki Wiki CMS Groupware <= 8.3 to achieve remote code execution. It constructs a malicious serialized object using Zend Framework classes to write a PHP shell to the target system.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Tiki Wiki CMS Groupware <= 8.3

No auth needed

Prerequisites: Target must be running Tiki Wiki CMS Groupware <= 8.3 · Multi-print feature must be enabled

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by EgiX, juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/tikiwiki_unserialize_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits a PHP unserialize() vulnerability in Tiki Wiki <= 8.3 to achieve remote code execution by leveraging the __destruct() method of the Zend_Pdf_ElementFactory_Proxy class to write arbitrary PHP code to a file on the server.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Tiki Wiki <= 8.3

No auth needed

Prerequisites: display_errors must be On · Multiprint feature must be enabled · PHP version older than 5.3.4

MITRE ATT&CK