CVE-2004-1927
Published 2004-04-11
Priority: P4 | 29 | medium | 5 | CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 3.71% (88.4th percentile)
Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tiki | tikiwiki_cms_groupware | <= 1.8.1 | — |
| tiki | tikiwiki_cms_groupware | — | — |
No detection rules found.
Exploit-DB
TikiWiki Project 1.8 - 'tiki-map.phtml' Traversal Arbitrary File / Directory Enumeration
exploitdb·2004-04-12
CVE-2004-1927 TikiWiki Project 1.8 - 'tiki-map.phtml' Traversal Arbitrary File / Directory Enumeration
---
source: https://www.securityfocus.com/bid/10100/info
Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.
/tiki-map.phtml?mapfile=../../../../var/
Exploit-DB
TikiWiki < 1.8.1 - Multiple Vulnerabilities
exploitdb·2004-04-11·CVSS 5.0
CVE-2004-1923 [MEDIUM] TikiWiki < 1.8.1 - Multiple Vulnerabilities
TikiWiki Theme
User Profile > Country Field
User Profile > Real Name
User Profile > Displayed time zone
Directory > Add Site > Name
Directory > Add Site > Description
Directory > Add Site > URL
Directory > Add Site > Country
Remote File/Dir Enumeration Via Traversal:
This issue deals with the map feature TikiWiki uses. If you are using a version prior to 1.8 or if you have not enabled the map feature this probably does not affect you. The map feature calls a .map file to display whatever map a user would like to view, but the problem with this is that it allows you to traverse out of the web directory and call files elsewhere on the box. While this does not allow you to say pull up a file for viewing or download, it will allow you to confirm the existence of both files and directories on
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=108180073206947&w=2
http://secunia.com/advisories/11344
http://tikiwiki.org/tiki-read_article.php?articleId=66
http://www.securityfocus.com/bid/10100
https://exchange.xforce.ibmcloud.com/vulnerabilities/15848
Published: 2004-04-11