Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tiki tiki vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-22853
Tiki prior to 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval.
Tiki Tiki
8.8
CVSSv3
CVE-2023-22850
Tiki prior to 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call.
Tiki Tiki
6.5
CVSSv3
CVE-2023-22852
Tiki up to and including 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.
Tiki Tiki
9.8
CVSSv3
CVE-2020-15906
tiki-login.php in Tiki prior to 21.2 sets the admin password to a blank value after 50 invalid login attempts.
Tiki Tiki
1 Github repository
6.1
CVSSv3
CVE-2020-16131
Tiki prior to 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.
Tiki Tiki
7.2
CVSSv3
CVE-2011-4558
Tiki 8.2 and previous versions allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
Tiki Tiki
1 EDB exploit
NA
CVE-2006-6163
Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki prior to 1.9.7 allows remote malicious users to inject arbitrary JavaScript via unspecified parameters.
Tiki Tikiwiki Cms\\/groupware 1.9.2
Tiki Tikiwiki Cms\\/groupware 1.9.0
Tiki Tikiwiki Cms\\/groupware
Tiki Tikiwiki Cms\\/groupware 1.9.5
Tiki Tikiwiki Cms\\/groupware 1.9.4
Tiki Tikiwiki Cms\\/groupware 1.6.1
Tiki Tikiwiki Cms\\/groupware 1.9.3
Tiki Tikiwiki Cms\\/groupware 1.9.1
NA
CVE-2006-6168
tiki-register.php in TikiWiki prior to 1.9.7 allows remote malicious users to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email."
Tiki Tikiwiki Cms\\/groupware 1.9.4
Tiki Tikiwiki Cms\\/groupware 1.9.2
Tiki Tikiwiki Cms\\/groupware 1.9.0
Tiki Tikiwiki Cms\\/groupware
Tiki Tikiwiki Cms\\/groupware 1.9.1
Tiki Tikiwiki Cms\\/groupware 1.9.5
Tiki Tikiwiki Cms\\/groupware 1.9.3
Tiki Tikiwiki Cms\\/groupware 1.6.1
5.4
CVSSv3
CVE-2018-7302
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.
Tiki Tiki 17.1
8.8
CVSSv3
CVE-2018-7304
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Crea...
Tiki Tiki 17.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »