Description
Unauthenticated users can execute arbitrary code do to a vulnerability in the Calendar module.
Remediation
Upgrade Tiki Wiki CMS to version 14.2, 12.5 LTS, 9.11 LTS, 6.15 or above (recommended). If that is not possible, disable the calendar feature, or at the very minimum make the calendar feature accessible only to trusted users.
References
Related Vulnerabilities
Oracle JavaServer Faces multiple vulnerabilities
Unrestricted access to NGINX+ API interface (read only)
WordPress Plugin Google Doc Embedder Arbitrary File Disclosure (2.4.6)
Zend Framework local file disclosure via XXE injection
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1)