Skip to content

S1lkys/CVE-2020-29254

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

CVE-2020-29254

TikiWiki 21.2 allows to edit templates without the use of a CSRF protection.

==========================

Cross-Side-Request-Forgery (CSRF):

TikiWiki 21.2 allows to edit templates without the use of a CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These action include allowing attackers to submit their own code through an authenticated user resulting in local file Inclusion. If an authenticated user who is able to edit TikiWiki templates visits an malicious website, template code can be edited.

Can be combined with Path Traversal:

In TikiWiki 21.2, an user can be given the permission to edit .tpl templates. This feature can be abused to escalate the users privileges by inserting the following piece of smarty code: „{include file='../db/local.php'}“. The code snippet includes TikiWikis database configuration file and displays it in the pages source code. Any other www-data readable file like „/etc/passwd“ can be included as well. The config file displays TikiWikis database credentials in cleartext. Recommended solution: Disallow including filetypes other than .tpl

A response from the Tiki project

https://doc.tiki.org/CVE-2020-29254

About

TikiWiki 21.2 allows to edit templates without the use of a CSRF protection.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published