The Tiki Community has released updates to all supported branches of the Tiki Wiki CMS Groupware project. These updates address an arbitrary file read vulnerability (already fixed in 16.1 and now backported to 15.4 and 12.11) and several other XSS- and DoS-related security vulnerabilities.
Special thanks to Zhao Liang from Huawei Weiran Labs, Cedric Van Bockhaven from Deloitte and 0xExploit for their cooperation and assistance in reporting the security issues.
We highly encourage all Tiki administrators to upgrade their sites to the latest Tiki versions: Tiki 16.2, Tiki 15.4 LTS, and Tiki 12.11 LTS.
Visit https://tiki.org/Download to get the latest version.