Data center: Ashburn, VA

Telegram Chat : MBHH_x86

Email Us:

Mobile Hacker For Hire, hire a hacker, hiring a hacker, hacker with proof

[KIS-2023-03] Tiki Wiki CMS Groupware

Table of Contents

From: Egidio Romano <research () karmainsecurity com>
Date: Mon, 09 Jan 2023 21:10:11 +0100


Tiki Wiki CMS Groupware <= 24.0 (grid.php) PHP Object Injection


[-] Software Link:

[-] Affected Versions:

Version 24.0 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the /lib/sheet/grid.php script,
specifically into the TikiSheetSerializeHandler::_load() method, which
is using the unserialize() PHP function with user-controlled input. This
can be exploited by malicious users to inject arbitrary PHP objects into
the application scope, allowing them to perform a variety of attacks,
such as executing arbitrary PHP code. Successful exploitation of this
vulnerability requires the “Spreadsheets” feature to be enabled and an
account with permissions to create a new sheet. However, due to the CSRF
vulnerability described in KIS-2023-01, this vulnerability might also be
exploited by tricking a victim user into opening a web page like the


<form action="http://localhost/tiki/tiki-import_sheet.php?sheetId=1&quot;
method="POST" enctype="multipart/form-data">
<input type="hidden" name="handler" value="TikiSheetSerializeHandler"

  <input type="file" name="file" id="fileinput"/>

const popChain =

  const fileInput = document.getElementById("fileinput");
  const dataTransfer = new DataTransfer();
  const file = new File([popChain], "test");
  fileInput.files = dataTransfer.files;

[-] Solution:

Upgrade to version 24.1 or later.

[-] Disclosure Timeline:

[07/03/2022] - Vendor notified
[23/08/2022] - Version 24.1 released
[09/01/2023] - Public disclosure

[-] CVE Reference:

The Common Vulnerabilities and Exposures project (
has assigned the name CVE-2023-22850 to this vulnerability.

[-] Credits:

Vulnerability discovered by Egidio Romano.

[-] Original Advisory:

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Current thread:

  • [KIS-2023-03] Tiki Wiki CMS Groupware <= 24.0 (grid.php) PHP Object Injection Vulnerability Egidio Romano (Jan 09)

Leave a Reply

Your email address will not be published. Required fields are marked *

error: Content is protected !!