CVE-2016-10143

Published: Jan 20, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field.

Affected (1)

Products: Tiki: Tikiwiki Cms/groupware

Tiki

1 product

Tikiwiki Cms/groupware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tiki Tikiwiki Cms/groupware	Version 15.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.securityfocus.com/bid/96787

Source: cve@mitre.org

https://dev.tiki.org/item6174

Source: cve@mitre.org

Permissions Required

https://sourceforge.net/p/tikiwiki/code/60308/

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://www.securityfocus.com/bid/96787

Source: af854a3a-2127-422b-91ae-364da2661108

https://dev.tiki.org/item6174

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://sourceforge.net/p/tikiwiki/code/60308/

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.