PT-2017-13759 · Tiki · Tiki

Chbi · Published 2017-09-29 · Updated 2017-10-06 · CVE-2017-14925

CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Tiki versions prior to 16.3
Tiki versions 17.x prior to 17.1
Tiki versions 12.x prior to 12.12 LTS
Tiki versions 15.x prior to 15.5 LTS

Description

A Cross-Site Request Forgery (CSRF) issue exists via the IMG element, allowing an authenticated user to modify global permissions if an administrator opens a malicious wiki page. This could lead to assigning administrator privileges to unauthenticated users, related to the tiki-objectpermissions.php file.

Recommendations

For Tiki versions prior to 16.3, update to version 16.3 or later.
For Tiki versions 17.x prior to 17.1, update to version 17.1 or later.
For Tiki versions 12.x prior to 12.12 LTS, update to version 12.12 LTS or later.
For Tiki versions 15.x prior to 15.5 LTS, update to version 15.5 LTS or later.
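The bug class behind this advisory, a permission change reachable by a plain GET that an embedded IMG element can trigger in an administrator's browser, beside a hardened POST-plus-token handler. This is an added PHP illustration, not Tiki's code; set_global_permission(), the field names and permissions.php are assumptions.

```php
<?php
// Added illustrative example, not Tiki's own code. set_global_permission()
// and the field names are assumptions chosen for this example.
session_start();
function set_global_permission(string $group, string $perm): void {
    // Stand-in for the real permission update (assumption).
}

// BEFORE (vulnerable pattern): state change on a plain GET with no token.
// An <img src="..."> on any page the admin views fires it, since the browser
// attaches the admin's session cookie automatically.
function handle_vulnerable(): void {
    if (isset($_GET['group'], $_GET['perm'])) {
        set_global_permission($_GET['group'], $_GET['perm']);
    }
}

// AFTER (hardened): accept POST only and require a per-session CSRF token.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}
function csrf_valid(): bool {
    // An <img> can only issue a GET, so a POST-only handler is out of its reach.
    if (($_SERVER['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        return false;
    }
    $sent     = (string) ($_POST['csrf_token'] ?? '');
    $expected = (string) ($_SESSION['csrf_token'] ?? '');
    // Constant-time comparison; an empty stored token never validates.
    return $expected !== '' && hash_equals($expected, $sent);
}

function handle_hardened(): void {
    if (!csrf_valid()) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    set_global_permission((string) $_POST['group'], (string) $_POST['perm']);
}
// The legitimate form carries the token in a hidden field; a wiki page written
// by another user runs in the admin's browser but cannot read that value.
function render_form(): string {
    $t = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="permissions.php">'
         . '<input type="hidden" name="csrf_token" value="' . $t . '">'
         . '<input name="group"><input name="perm"><button>Save</button></form>';
}
```

Marking the session cookie SameSite=Lax or Strict is a useful second layer, but the token check above is what closes the hole on its own.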

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2017-14925

Affected Products

Tiki