Critical severity9.8NVD Advisory· Published Jul 12, 2012· Updated Apr 29, 2026
CVE-2012-0911
CVE-2012-0911
Description
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.
Affected products
2cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:-:*:*:*+ 1 more
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:-:*:*:*range: <8.4
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:lts:*:*:*range: <6.7
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- archives.neohapsis.com/archives/bugtraq/2012-07/0020.htmlnvdExploit
- www.exploit-db.com/exploits/19573nvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/19630nvdExploitThird Party AdvisoryVDB Entry
- info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTSnvdVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/76758nvdThird Party AdvisoryVDB Entry
- dev.tiki.org/item4109nvdBroken Link
- info.tiki.org/article191-Tiki-Releases-8-4nvdRelease Notes
- osvdb.org/83534nvdBroken Link
- www.securityfocus.com/bid/54298nvdBroken Link
News mentions
0No linked articles in our index yet.