CVE-2010-4239
published 2019-10-28

CVE-2010-4239: Tiki Wiki CMS Groupware 5.2 has Local File Inclusion

Priority: P2 60 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit available: yes
EPSS: 13.43% (96.0th percentile)

Affected (2 ranges)

Vendor      Product                   Version range   Fixed in
tiki        tikiwiki_cms_groupware    (not listed)    (not listed)
tiki_wiki   cms_groupware             (not listed)    (not listed)

Detection & IOCs (extracted from sources)

URL:  /tiki-jsplugin.php?plugin=x&language=../../../../../../../../../../windows/win.ini
Path: /tiki-jsplugin.php

  • An HTTP GET request to /tiki-jsplugin.php whose 'language' parameter contains a path traversal sequence targeting windows/win.ini indicates an exploitation attempt.
  • On successful exploitation the response body contains all three strings 'bit app support', 'fonts' and 'extensions' (contents of windows/win.ini).
  • Shodan/FOFA fingerprint for exposed Tiki Wiki instances: http.html:"tiki wiki" (Shodan) or body="tiki wiki" (FOFA).
  • The LFI payload targets Windows hosts specifically (windows/win.ini); a separate payload (e.g. /etc/passwd) is needed to detect exploitation on Linux/Unix hosts.
  • The vulnerability is confirmed for Tiki Wiki CMS Groupware version 5.2 specifically; other versions may or may not be affected.
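The indicators above translate directly into a log-side and a response-side check. The following is an added example, not code from the page or from the Tiki project: it runs over constructed Apache/nginx combined-format log lines (the IP addresses, timestamps and user agents are made up), flags any request to tiki-jsplugin.php whose 'language' parameter carries a dot-dot component (including percent- and double-percent-encoded forms, and backslash separators), and then confirms a response body against the win.ini markers the page lists. The /etc/passwd marker is an assumed Linux counterpart to the page's Windows-only indicator; the page itself does not give a Linux signature.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Apache/nginx "combined" log format; these are
# not real captures. The first two are hypothetical exploitation attempts
# (one plain, one percent-encoded), the last two are benign requests.
SAMPLE_LOG = """\
203.0.113.5 - - [28/Oct/2019:10:01:02 +0000] "GET /tiki-jsplugin.php?plugin=x&language=../../../../../../../../../../windows/win.ini HTTP/1.1" 200 412 "-" "curl/7.64.1"
203.0.113.5 - - [28/Oct/2019:10:01:03 +0000] "GET /tiki-jsplugin.php?plugin=x&language=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1847 "-" "curl/7.64.1"
198.51.100.7 - - [28/Oct/2019:10:02:10 +0000] "GET /tiki-jsplugin.php?plugin=x&language=en HTTP/1.1" 200 2201 "-" "Mozilla/5.0"
198.51.100.7 - - [28/Oct/2019:10:02:11 +0000] "GET /tiki-index.php?page=HomePage HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
"""

# Fields of a combined-format request line that the alert needs.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A ".." path component delimited by "/" or "\" (or string start/end),
# so "a..b" does not match but "../x" and "..\x" do.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def is_traversal(value: str) -> bool:
    """True if the parameter value contains a dot-dot path component.

    parse_qs already decodes one layer of percent-encoding; decoding once
    more catches double-encoded payloads such as %252e%252e%252f.
    """
    return bool(TRAVERSAL_RE.search(unquote(value)))


def inspect_request_line(line: str) -> Optional[dict]:
    """Return an alert dict for a tiki-jsplugin.php request whose 'language'
    parameter carries path traversal, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if not parts.path.lower().endswith("/tiki-jsplugin.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get("language", []):
        if is_traversal(value):
            return {
                "ip": m["ip"],
                "ts": m["ts"],
                "status": int(m["status"]),
                "language": unquote(value),
            }
    return None


def scan_log(text: str) -> list:
    """Run inspect_request_line over every line and collect the alerts."""
    return [hit for hit in (inspect_request_line(l) for l in text.splitlines()) if hit]


# Response-side confirmation. The Windows indicator is the three win.ini
# strings the advisory lists; the /etc/passwd check is an assumed Linux
# counterpart keyed on the root entry (not taken from the page).
WIN_INI_MARKERS = ("bit app support", "fonts", "extensions")
PASSWD_RE = re.compile(r"^root:[^:]*:0:0:", re.M)


def response_indicates_lfi(body: str) -> Optional[str]:
    """Name the file that appears to have been disclosed, or None."""
    lowered = body.lower()
    if all(marker in lowered for marker in WIN_INI_MARKERS):
        return "windows/win.ini"
    if PASSWD_RE.search(body):
        return "/etc/passwd"
    return None


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} status={hit['status']} language={hit['language']!r}")
```

The log check keys on the parameter value rather than the raw URL so that encoding tricks do not bypass it; the response check requires all three win.ini strings together, since 'fonts' or 'extensions' alone will appear in plenty of legitimate HTML.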

CVSS provenance

NVD, CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P