[pkg-tikiwiki-devel] Bug#388122: CVE-2006-4734: tikiwiki arbitrary
SQL execution vulnerability
Stefan Fritsch
sf at sfritsch.de
Mon Sep 18 18:11:49 UTC 2006
Package: tikiwiki
Severity: grave
Tags: security
Justification: user security hole
A security issue has been found in tikiwiki:
Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php
in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL
commands via the (1) pid and (2) where parameters.
Please mention the CVE id in the changelog.
More information about the pkg-tikiwiki-devel
mailing list