CVE-2025-34113
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-15
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tiki | tiki_wiki_cms | 14.2 |
| tiki | tiki_wiki_cms | 12.5_lts |
| tiki | tiki_wiki_cms | 9.11_lts |
| tiki | tiki_wiki_cms | 6.15 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34113 is a critical authenticated command injection vulnerability in the calendar module of Tiki Wiki CMS (versions ≤14.1, ≤12.4 LTS, ≤9.10 LTS, and ≤6.14). It occurs via the 'viewmode' GET parameter in the 'tiki-calendar.php' script. When the calendar module is enabled and an authenticated user with permission accesses it, an attacker can inject and execute arbitrary PHP code remotely. This allows the attacker to run commands on the web server with the privileges of the web server user, potentially leading to full server compromise. [1, 3, 4]
How can this vulnerability impact me? :
This vulnerability can lead to remote code execution on the affected server, allowing an attacker to execute arbitrary PHP code. This can result in unauthorized access, data theft, server defacement, installation of backdoors or web shells, and full compromise of the web server. The attacker can manipulate files, execute commands, and potentially pivot to other parts of the network, severely impacting the security and integrity of your system. [1, 3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to inject PHP code into the `viewmode` GET parameter of the `tiki-calendar.php` script and checking for code execution. For example, sending a request like `http://victimesite/tiki-calendar.php?viewmode=';print(TikiWikiRCE);$a='` and verifying if the string "TikiWikiRCE" appears in the response confirms the vulnerability. Additionally, authenticated access is required, so first log in by sending a POST request to `tiki-login.php` with valid credentials, then perform the injection test. Commands can be crafted using curl or similar tools to automate this process. For example: 1. Authenticate: ``` curl -c cookies.txt -d "login=username&password=password" -X POST http://victimesite/tiki-login.php ``` 2. Test injection: ``` curl -b cookies.txt "http://victimesite/tiki-calendar.php?viewmode=';print(TikiWikiRCE);$a='" ``` If the response contains "TikiWikiRCE", the system is vulnerable. [3, 4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the Tiki Wiki CMS to the latest patched versions (14.2, 12.5 LTS, 9.11 LTS, 6.15 or later) that contain the security fix. If upgrading is not immediately possible, disable the calendar feature entirely or restrict its access exclusively to trusted users until the update can be applied. [1, 2]