CVE-2007-5684 Information

Description

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php or (3) encoded ..2F\ sequences in the imp_language parameter to tiki-imexport_languages.php.

Reference

http://info.tikiwiki.org/tiki-read_article.php?articleId=15 http://www.securityfocus.com/archive/1/482801/30/0/threaded