Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tiki tiki vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2011-4558
Tiki 8.2 and previous versions allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
Tiki Tiki
1 EDB exploit
383
VMScore
CVE-2011-4455
Multiple cross-site scripting vulnerabilities in Tiki 7.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php.
Tiki Tiki
383
VMScore
CVE-2020-16131
Tiki prior to 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.
Tiki Tiki
NA
CVE-2023-22851
Tiki prior to 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call.
Tiki Tiki
NA
CVE-2023-22853
Tiki prior to 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval.
Tiki Tiki
NA
CVE-2023-22852
Tiki up to and including 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.
Tiki Tiki
NA
CVE-2023-22850
Tiki prior to 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call.
Tiki Tiki
668
VMScore
CVE-2020-15906
tiki-login.php in Tiki prior to 21.2 sets the admin password to a blank value after 50 invalid login attempts.
Tiki Tiki
1 Github repository
312
VMScore
CVE-2018-7302
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.
Tiki Tiki 17.1
578
VMScore
CVE-2018-7304
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Crea...
Tiki Tiki 17.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »