{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110290?format=json","vulnerability_id":"VCID-rwd8-c58t-r3hp","summary":"An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows remote attackers to upload and execute malicious PHP scripts in the context of the web server. The vulnerable component does not enforce file type validation, allowing attackers to craft a POST request to upload executable PHP payloads through the ELFinder interface exposed at /vendor_extra/elfinder/.","aliases":[{"alias":"CVE-2025-34111"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-34111","reference_id":"","reference_type":"","scores":[{"value":"0.8387","scoring_system":"epss","scoring_elements":"0.99319","published_at":"2026-06-13T12:55:00Z"},{"value":"0.8387","scoring_system":"epss","scoring_elements":"0.99318","published_at":"2026-06-14T12:55:00Z"},{"value":"0.8387","scoring_system":"epss","scoring_elements":"0.99315","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-34111"},{"reference_url":"https://www.exploit-db.com/exploits/40091","reference_id":"40091","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-15T13:30:10Z/"}],"url":"https://www.exploit-db.com/exploits/40091"},{"reference_url":"https://tiki.org/article434-Security-update-Tiki-15-2-Tiki-14-4-and-Tiki-12-9-released","reference_id":"article434-Security-update-Tiki-15-2-Tiki-14-4-and-Tiki-12-9-released","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-15T13:30:10Z/"}],"url":"https://tiki.org/article434-Security-update-Tiki-15-2-Tiki-14-4-and-Tiki-12-9-released"},{"reference_url":"https://www.vulncheck.com/advisories/tiki-wiki-el-finder-unauthenticated-file-upload-rce","reference_id":"tiki-wiki-el-finder-unauthenticated-file-upload-rce","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-15T13:30:10Z/"}],"url":"https://www.vulncheck.com/advisories/tiki-wiki-el-finder-unauthenticated-file-upload-rce"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/tikiwiki_upload_exec.rb","reference_id":"tikiwiki_upload_exec.rb","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-15T13:30:10Z/"}],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/tikiwiki_upload_exec.rb"}],"weaknesses":[{"cwe_id":20,"name":"Improper Input Validation","description":"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."},{"cwe_id":306,"name":"Missing Authentication for Critical Function","description":"The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources."},{"cwe_id":434,"name":"Unrestricted Upload of File with Dangerous Type","description":"The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment."}],"exploits":[{"date_added":null,"description":"This module exploits a file upload vulnerability in Tiki Wiki <= 15.1\n          which could be abused to allow unauthenticated users to execute arbitrary code\n          under the context of the web server user.\n\n          The issue comes with one of the 3rd party components. Name of that component is\n          ELFinder -version 2.0-. This component comes with default example page which\n          demonstrates file operations such as upload, remove, rename, create directory etc.\n          Default configuration does not force validations such as file extension, content-type etc.\n          Thus, unauthenticated user can upload PHP file.\n\n          The exploit has been tested on Debian 8.x 64-bit and Tiki Wiki 15.1.","required_action":null,"due_date":null,"notes":"Reliability:\n  - unknown-reliability\nStability:\n  - unknown-stability\nSideEffects:\n  - unknown-side-effects\n","known_ransomware_campaign_use":false,"source_date_published":"2016-07-11","exploit_type":null,"platform":"PHP","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/webapp/tikiwiki_upload_exec.rb"}],"severity_range_score":"9.3 - 9.3","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rwd8-c58t-r3hp"}