PRP: Tiki Wiki CMS Groupware CVE-2025-34111 Unauthenticated file upload #678
Description
- Identifier of the vulnerability: CVE-2025-34111
- Affected software: Tiki Wiki CMS Groupware
- Type of vulnerability: Unauthenticated file upload leads to RCE
- Requires authentication: No
- Language you would use for writing the plugin: Templated plugins
- Resources:
https://nvd.nist.gov/vuln/detail/CVE-2025-34111
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/tikiwiki_upload_exec.rb
https://tiki.org/article434-Security-update-Tiki-15-2-Tiki-14-4-and-Tiki-12-9-released
https://www.exploit-db.com/exploits/40091
https://www.vulncheck.com/advisories/tiki-wiki-el-finder-unauthenticated-file-upload-rce