Description

Unauthenticated users can download arbitrary files from the web server due to a vulnerability in vendor/player/flv/flv_stream.php.

Remediation

Upgrade Tiki Wiki CMS to version 12.8, 14.3, 15.1 or above (recommended)

References

Tiki Wiki Announcement (2016-06-15)

Tiki Wiki CMS 15.0 Arbitrary File Download

Related Vulnerabilities

WordPress Plugin MAC PHOTO GALLERY Arbitrary File Download (3.0)

WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1)

Joomla! Core 3.x.x Information Disclosure (3.4.0 - 3.6.5)

WordPress Plugin Better WordPress Minify Arbitrary File Disclosure (1.2.2)

WordPress Plugin Stop User Enumeration Security Bypass (1.3.18)

Severity

High

Classification

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure