PHP Object Injection Vulnerability in Tiki by Tiki Wiki Association
CVE-2023-22851

7.2HIGH

Key Information:

Vendor

Tiki

Status
Tiki
Vendor
CVE Published:
14 January 2023

What is CVE-2023-22851?

A vulnerability in Tiki prior to version 24.2 allows attackers with administrative access to exploit PHP Object Injection via an unserialize call in the 'lib/importer/tikiimporter_blog_wordpress.php' file. This oversight may lead to the execution of malicious code, compromising the security of the application and exposing sensitive data.

References

https://tiki.org/articles
https://karmainsecurity.com/KIS-2023-04

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.