N/A

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language parameter to tiki-imexport_languages.php.

N/A

N/A

Tikiwiki 多个目录遍历漏洞

TikiWiki 1.9.8.1版本及其早期版本中存在多个目录遍历漏洞。远程攻击者可以借助(1) error_handler_file和(2) 对(a) tiki-index.php的local_php参数, 或 (3) 对tiki-imexport_languages.php的imp_language参数的编码的"..%2F"序列，包含并执行任意文件。

N/A

N/A