iDEFENSE Security Advisory 11.10.05 - Remote exploitation of an input validation vulnerability in Tikiwiki allows attackers to gain access to arbitrary files on the vulnerable system under the privileges of the underlying web-server. iDEFENSE has confirmed the existence of this issue in Tikiwiki versions 1.8.4 and 1.8.5. It is suspected that earlier versions are vulnerable as well.
3bec287e028f3add2b060c5caca6ea183bcd1dfe8bff378bb1972d6985c397c2