CVE-2007-5683

Name of the Vulnerable Software and Affected Versions TikiWiki versions 1.9.8.1 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the username parameter to the "tiki-remind password.php" page, IMG tags in wiki pages, and the local php parameter to "db/tiki-db.php".

Recommendations For TikiWiki versions 1.9.8.1 and earlier, consider disabling the password reminder feature and restricting the use of IMG tags in wiki pages until a fix is available. Avoid using the local php parameter in "db/tiki-db.php" to minimize the risk of exploitation.