Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.
TikiWiki contains a flaw that may allow a remote attacker to upload arbitrary files to the system. The issue is due to the "wiki_up" function not sanitizing or restricting what type of files are uploaded. If an attacker uploads a specially crafted script, they may be able to execute it and leverage additional privileges.
Upgrade to version 1.8.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.