WikkiTikkiTavi is a freely available engine for running a Wiki site. Wiki sites are web communities which are based on the idea that every webpage is editable by users of the website. WikkiTikkiTavi is back-ended by a MySQL database and runs on most Linux and Unix variants, as well as Microsoft Windows NT/2000 operating systems.
WikkiTikkiTavi permits remote file including. As a result, a remote attacker may include an arbitrary file located on a remote host. This may be exploited via a malicious web request. If this file is a PHP script, it will be executed on the host running the vulnerable software with the privileges of the webserver.
The attacker may use this as an opportunity to gain local access on the host running the vulnerable software.
The following URL is sufficient to exploit this issue:
where conflict.php is the name of the malicious attacker-supplied script.
WikkiTikkiTavi contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'conflict.php' script not properly sanitizing user input supplied to the 'TemplateDir' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
Upgrade to version 0.21 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.