CVE-2005-1925

Name of the Vulnerable Software and Affected Versions Tikiwiki versions prior to 1.9.1

Description The issue allows remote attackers to read arbitrary files and execute commands. This can be achieved via the suck url parameter to "tiki-editpage.php" or the language parameter to "tiki-user preferences.php".

Recommendations For versions prior to 1.9.1, update to version 1.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "tiki-editpage.php" and "tiki-user preferences.php" scripts until the update is applied. Avoid using the suck url and language parameters in the affected scripts until the issue is resolved.