[Original text] Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, or (4) tiki-directory_search.php, which reveal the web server path in an error message.
Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.
TikiWiki banner_click.php Direct Request Path Disclosure
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
TikiWiki contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker calls the "banner_click.php" script with abnormal parameters; the resulting error message discloses the physical path of the web server, causing a loss of confidentiality.
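To show what this class of disclosure looks like in code and how include-only PHP files are usually protected, here is an added illustration; it is not TikiWiki source, and the file name, the `APP_ENTRY` constant and the `$categorylib` call are assumptions.

```php
<?php
// Added illustration (not TikiWiki code): a file meant to be included by
// a front controller only, e.g. categorize.php.
//
// Without a guard, a direct GET to /categorize.php runs this file with
// none of the objects the front controller normally sets up. The call at
// the bottom then fails, and with display_errors enabled PHP writes
//   Fatal error: ... in /var/www/html/tiki/categorize.php on line N
// into the response, revealing the absolute path of the web root.

// Guard: the front controller defines APP_ENTRY (hypothetical name)
// before including this file; a direct request never sees it.
if (!defined('APP_ENTRY')) {
    header('HTTP/1.0 404 Not Found');   // indistinguishable from a missing file
    exit;
}

// Defense in depth: if anything in this file does error out, keep the
// message out of the response and in the server error log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// The file's real work relies on objects provided by the front
// controller ($categorylib is a hypothetical library object).
$categories = $categorylib->list_categories();
```

The front controller that legitimately uses the file does `define('APP_ENTRY', true);` before its `require_once`, so normal page loads are unaffected while direct requests get a plain 404.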
Upgrade to version 1.8.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.