CVE-2025-34111: CWE-434 Unrestricted Upload of File with Dangerous Type in Tiki Software Community Association Wiki CMS Groupware

Critical

VulnerabilityCVE-2025-34111cve cve-2025-34111 cwe-434 cwe-306 cwe-20

Published: Tue Jul 15 2025 (07/15/2025, 13:09:56 UTC)

Source: CVE Database V5

Vendor/Project: Tiki Software Community Association

Product: Wiki CMS Groupware

Description

An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows remote attackers to upload and execute malicious PHP scripts in the context of the web server. The vulnerable component does not enforce file type validation, allowing attackers to craft a POST request to upload executable PHP payloads through the ELFinder interface exposed at /vendor_extra/elfinder/.

Technical Details

Data Version: 5.1
Assigner Short Name: VulnCheck
Date Reserved: 2025-04-15T19:15:22.560Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 687654a5a83201eaaccea526

Added to database: 7/15/2025, 1:16:21 PM

Last updated: 7/15/2025, 1:16:21 PM

Related Threats

CVE-2025-34116: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in IPFire Project IPFire

High

VulnerabilityTue Jul 15 2025

CVE-2025-34115: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ITRS Group OP5 Monitor

High

VulnerabilityTue Jul 15 2025

CVE-2025-34113: CWE-306 Missing Authentication for Critical Function in Tiki Software Community Association Wiki CMS Groupware

High

VulnerabilityTue Jul 15 2025

CVE-2025-34112: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Riverbed Technology SteelCentral NetExpress

Critical

VulnerabilityTue Jul 15 2025

CVE-2025-34110: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in ColoradoFTP Server

Critical

VulnerabilityTue Jul 15 2025

Actions

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Reference 1 Reference 2 Reference 3 Reference 4 Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

CVE-2025-34111: CWE-434 Unrestricted Upload of File with Dangerous Type in Tiki Software Community Association Wiki CMS Groupware

CVE-2025-34111: CWE-434 Unrestricted Upload of File with Dangerous Type in Tiki Software Community Association Wiki CMS Groupware

Description

Technical Details

Related Threats

CVE-2025-34116: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in IPFire Project IPFire

CVE-2025-34115: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ITRS Group OP5 Monitor

CVE-2025-34113: CWE-306 Missing Authentication for Critical Function in Tiki Software Community Association Wiki CMS Groupware

CVE-2025-34112: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Riverbed Technology SteelCentral NetExpress

CVE-2025-34110: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in ColoradoFTP Server

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility