ID de Prueba:	1.3.6.1.4.1.25623.1.0.802946
Categoría:	Web application abuses
Título:	Tiki Wiki CMS Groupware jhot.php RCE Vulnerability
Resumen:	Tiki Wiki CMS Groupware is prone to a remote command execution; (RCE) vulnerability.
Descripción:	Summary: Tiki Wiki CMS Groupware is prone to a remote command execution (RCE) vulnerability. Vulnerability Insight: The flaw is due to 'jhot.php' script not correctly verifying uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script to the 'img/wiki' directory. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary system commands with the privileges of the webserver process. Affected Software/OS: Tiki Wiki CMS Groupware version 1.9.4 and prior. Solution: Update to version 1.9.5 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4602 BugTraq ID: 19819 http://www.securityfocus.com/bid/19819 https://www.exploit-db.com/exploits/2288 http://security.gentoo.org/glsa/glsa-200609-16.xml http://isc.sans.org/diary.php?storyid=1672 http://www.osvdb.org/28456 http://secunia.com/advisories/21733 http://secunia.com/advisories/22100 http://www.vupen.com/english/advisories/2006/3450
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.