CNNVD-202507-2030 Information

CNNVD ID

CNNVD-202507-2030

Related CVE

CVE-2025-34111

• CNNVD Published: 2025-07-15

Description (Chinese)

Tiki Wiki CMS Groupware是一套基于Wiki的开源内容管理系统和在线办公套件。 Tiki Wiki CMS Groupware 15.1及之前版本存在安全漏洞，该漏洞源于ELFinder组件文件类型验证不当，可能导致任意文件上传。

Description (English)

Tiki Wiki CMS Groupware is an open-source content management system based on Wiki and an online office suite. Tiki Wiki CMS Groupware 15.1 and previous versions had a security loophole, which stemmed from the inappropriate verification of the type of ELFinder component files, which could lead to any upload.

Hazard Level

Low

Vulnerability Type

其他

Published

2025-07-15

Last Modified

2026-02-24

References

https://tiki.org/article434-Security-update-Tiki-15-2-Tiki-14-4-and-Tiki-12-9-released https://www.exploit-db.com/exploits/40091 https://www.vulncheck.com/advisories/tiki-wiki-el-finder-unauthenticated-file-upload-rce https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/tikiwiki_upload_exec.rb https://nvd.nist.gov/vuln/detail/CVE-2025-34111

Patch

https://tiki.org/HomePage