Gulftech Research pointed us to a bug in the xmlrpc library. This bug can be used to execute any php code remote. This is a serious security flaw and we encourage you to either use a workaround or to install updated xmlrpc libraries immediately.
Remove the files lib/xmlrpc.inc and lib/xmlrpcs.inc. After removal you will not be able to use the "send/receive Objects" feature, the xmlrpc functions in the blog feature and the wiki 3D browser.
Download the zip archive from:
or download the tar.gz from:
To install the patch, just go to your tiki root directory and unzip/untar the file. It will overwrite the lib/xmlrpc.inc and lib/xmlrpcs.inc files.