CVE-2012-3996

TikiWiki CMS/Groupware < 8.2 - Exposure of Sensitive Information via Direct Request

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-3996. PoCs published by Metasploit, EgiX.

AI-analyzed exploit summary This Metasploit module exploits a PHP unserialize() vulnerability in Tiki Wiki <= 8.3 to achieve remote code execution by leveraging the __destruct() method of the Zend_Pdf_ElementFactory_Proxy class to write arbitrary PHP code to a file on the web server.

Description

TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsphp

https://www.exploit-db.com/exploits/19630

View Code ZIP pw:eip

This Metasploit module exploits a PHP unserialize() vulnerability in Tiki Wiki <= 8.3 to achieve remote code execution by leveraging the __destruct() method of the Zend_Pdf_ElementFactory_Proxy class to write arbitrary PHP code to a file on the web server.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Tiki Wiki <= 8.3

No auth needed

Prerequisites: display_errors PHP setting must be On · Tiki Wiki Multiprint feature must be enabled · PHP version older than 5.3.4

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by EgiX · phpwebappsphp

https://www.exploit-db.com/exploits/19573