oss-sec mailing list archives

CVE request: tikiwiki <= 5.2 XSS, CSRF, file inclusion

From: Hanno Böck <hanno () hboeck de>
Date: Fri, 19 Nov 2010 00:22:40 +0100

See:
http://packetstormsecurity.org/files/view/94257/tikiwiki52-lfi.txt
http://packetstormsecurity.org/files/view/94256/tikiwiki52-xsrf.txt
http://packetstormsecurity.org/files/view/94255/tikiwiki52-xss.txt

All fixed in 5.3 and 3.8:
http://info.tiki.org/article113-Tiki-Wiki-CMS-Groupware-Releases-5-3-and-3-8-LTS-Security-Patches

-- 
Hanno Böck              Blog:           http://www.hboeck.de/
GPG: 3DBD3B20           Jabber/Mail:    hanno () hboeck de

http://schokokeks.org - professional webhosting

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

CVE request: tikiwiki <= 5.2 XSS, CSRF, file inclusion Hanno Böck (Nov 18)
- Re: CVE request: tikiwiki <= 5.2 XSS, CSRF, file inclusion Josh Bressers (Nov 22)