oss-sec mailing list archives

Re: CVE request: tikiwiki <= 5.2 XSS, CSRF, file inclusion


From: Josh Bressers <bressers () redhat com>
Date: Mon, 22 Nov 2010 11:16:45 -0500 (EST)


----- "Hanno Böck" <hanno () hboeck de> wrote:

> See:
> http://packetstormsecurity.org/files/view/94257/tikiwiki52-lfi.txt
> http://packetstormsecurity.org/files/view/94256/tikiwiki52-xsrf.txt
> http://packetstormsecurity.org/files/view/94255/tikiwiki52-xss.txt
>
> All fixed in 5.3 and 3.8:
> http://info.tiki.org/article113-Tiki-Wiki-CMS-Groupware-Releases-5-3-and-3-8-LTS-Security-Patches

Sorry for the delay.

CVE-2010-4239 tikiwiki local file inclusion
CVE-2010-4240 tikiwiki xss
CVE-2010-4241 tikiwiki csrf

Thanks.

-- 
    JB

