The exploit demonstrates an arbitrary file download vulnerability in Tiki Wiki CMS 15.0 via the `flv_stream.php` file, which fails to properly sanitize user input in the `file` parameter, allowing directory traversal attacks. The PoC includes a functional example to download the database configuration file.
Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Tiki Wiki CMS 15.0
No auth needed
Prerequisites: Access to the vulnerable `flv_stream.php` endpoint