Description

Unauthenticated users can upload and execute arbitrary code due to a vulnerability in a preinstalled third-party component ("ELFinder"). An unauthenticated user can upload and PHP file with arbitrary code and execute it with the permissions of the web server user.

Remediation

Upgrade Tiki Wiki CMS to version 12.9, 14.4, 15.2 or above (recommended)

References

Related Vulnerabilities