Bug 136723 - www-apps/tikiwiki: < SQL injection and multiple XSS (CVE-2006-2635)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa] Falco
Depends on:
Reported: 2006-06-13 16:56 UTC by Raphael Marichez (Falco) (RETIRED)
Modified: 2006-06-28 23:08 UTC

See Also:
Package list:
Runtime testing required: ---


Description Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-06-13 16:56:46 UTC
(confirmed on the TikiWiki changelog webpage: "This release mainly enhances security with more protection and introduces various enhancements. It includes the security fixes in Tiki")

[#] Security Advisory

[>] Advisory Title: TikiWiki Sql injection & XSS Vulnerabilities
[@] Author : bug [@]
[$] Product Vendor :
[.] Affected Versions : (and maybe before)
[/] Release Date : 06/13/2006
[*] Overview :
Tikiwiki is a very powerful multilingual Wiki/CMS/Groupware, but
it has some security bugs too.
One SQL injection and several cross-site scripting bugs have
been found in tikiwiki (and tested in .

[*] Details :
No exploitable detail is going to be released.

[*] Solution :
Vendor contacted on 06/09/2006 and they have released a new
version (tikiwiki 1.9.4):

Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-06-13 16:58:00 UTC
Hello web-apps, please work again on tikiwiki :/ is out and corrects the SQL injection vulnerability and XSS issues.

Thanks in advance
Comment 2 Renat Lumpau (RETIRED) gentoo-dev 2006-06-17 17:27:38 UTC
1.9.4 in CVS
Comment 3 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-06-17 17:33:08 UTC
Thanks rl03

ppc team, please test and mark stable, thank you
Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev 2006-06-25 00:37:39 UTC
ppc stable
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2006-06-25 10:14:52 UTC
I would vote yes.
Comment 6 Wolf Giesen (RETIRED) gentoo-dev 2006-06-25 10:20:15 UTC
Yes. (/sigh)
Comment 7 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-06-25 11:00:13 UTC
Because of the SQL injection (and not because of the XSS issue), I vote yes.

GLSA will have to be combined with bug 134483

Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-06-28 23:08:51 UTC
GLSA 200606-29