Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tiki Wiki <= 15.1 ELFinder Unauthenticated File Upload RCE
Vulnerability Description
An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows remote attackers to upload and execute malicious PHP scripts in the context of the web server. The vulnerable component does not enforce file type validation, allowing attackers to craft a POST request to upload executable PHP payloads through the ELFinder interface exposed at /vendor_extra/elfinder/.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Tiki Wiki CMS Groupware 安全漏洞
Vulnerability Description
Tiki Wiki CMS Groupware是一套基于Wiki的开源内容管理系统和在线办公套件。 Tiki Wiki CMS Groupware 15.1及之前版本存在安全漏洞,该漏洞源于ELFinder组件文件类型验证不当,可能导致任意文件上传。
CVSS Information
N/A
Vulnerability Type
N/A