CVE-2006-2635

Name of the Vulnerable Software and Affected Versions Tikiwiki versions 1.9.x

Description The issue allows remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags. This can be done through various parameters in different PHP files, including offset and days in "tiki-lastchanges.php", find and offset in "tiki-orphan pages.php", offset and initial in "tiki-listpages.php", and an unspecified field in "tiki-remind password.php". Additionally, remote authenticated users with admin privileges can inject arbitrary web script or HTML via unspecified fields in various admin PHP files, including "tiki-admin.php", "tiki-admin rssmodules.php", "tiki-syslog.php", "tiki-adminusers.php", "tiki-admin hotwords.php", "tiki-admin modules.php", "tiki-admin notifications.php", "tiki-admin dsn.php", "tiki-admin content templates.php", and "tiki-admin chat.php". The offset parameter is vulnerable in several of these files.

Recommendations For Tikiwiki version 1.9.x, consider disabling the affected PHP files until a patch is available. Restrict access to the vulnerable parameters, such as offset, days, find, initial, numrows, Name, and Dsn, to minimize the risk of exploitation. Avoid using unspecified fields in admin actions, such as metatags and "Assign new module", until the issue is resolved. As a temporary workaround, limit the privileges of admin users to reduce the potential impact of the issue.