|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
Hiki contains a flaw that may allow a malicious user to gain access to unauthorized privileges. In versions 0.6.3 and 0.7-devel-20040407, an attacker, who has first bypassed the application's authentication by issuing artibrary queries as though following the "OK" link, may embed arbitrary code into the configuration file, which runs with the privileges of the CGI program. In versions 0.6.4 and 0.7-devel-20040618, the attacker must be an authenticated user before being allowed to embed arbitrary code in the configuration file. This flaw may lead to a loss of integrity.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Rumored / Private
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to version 0.6.5, 0.7.0-devel-20040626 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
Hiki
 |
0.7-devel-20040618 |
0.6.4 |
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
