CVE-2011-4454

Name of the Vulnerable Software and Affected Versions Tiki versions 8.0 RC1 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via the path info to several PHP files, including (1) "tiki-remind password.php", (2) "tiki-index.php", (3) "tiki-login scr.php", or (4) "tiki-index".

Recommendations For Tiki versions 8.0 RC1 and earlier, consider disabling access to the vulnerable PHP files until a patch is available. Restrict access to the "tiki-remind password.php", "tiki-index.php", "tiki-login scr.php", and "tiki-index" files to minimize the risk of exploitation. Avoid using the path info to inject arbitrary web script or HTML in the affected PHP files until the issue is resolved.