Description
Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter.
Affected products
- Tiki / tikiwiki_cms/groupware1.8.1
- Tiki / tikiwiki_cms/groupware1.6.1 – 1.6.1