Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tiki tiki vulnerabilities and exploits
(subscribe to this query)
510
VMScore
CVE-2004-1927
Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and previous versions allows remote malicious users to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter.
Tiki Tikiwiki Cms\\/groupware 1.6.1
Tiki Tikiwiki Cms\\/groupware
2 EDB exploits
760
VMScore
CVE-2004-1928
The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and previous versions allows remote malicious users to upload and possibly execute arbitrary files via the img/wiki_up URL.
Tiki Tikiwiki Cms\\/groupware 1.6.1
Tiki Tikiwiki Cms\\/groupware
2 EDB exploits
830
VMScore
CVE-2004-1925
Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and previous versions allow remote malicious users to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php,...
Tiki Tikiwiki Cms\\/groupware 1.6.1
Tiki Tikiwiki Cms\\/groupware
16 EDB exploits
383
VMScore
CVE-2005-3283
Cross-site scripting (XSS) vulnerability in TikiWiki prior to 1.9.1.1 allows remote malicious users to inject arbitrary web script or HTML via unknown vectors.
Tiki Tikiwiki Cms\\/groupware
Tiki Tikiwiki Cms\\/groupware 1.9.0
312
VMScore
CVE-2018-7290
Cross Site Scripting (XSS) exists in Tiki prior to 12.13, 15.6, 17.2, and 18.1.
Tiki Tikiwiki Cms\\/groupware
Tiki Tikiwiki Cms\\/groupware 18.0
668
VMScore
CVE-2010-1133
Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x prior to 4.2 allow remote malicious users to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php.
Tiki Tikiwiki Cms\\/groupware 4.0
Tiki Tikiwiki Cms\\/groupware 4.1
668
VMScore
CVE-2010-1135
The user_logout function in TikiWiki CMS/Groupware 4.x prior to 4.2 does not properly delete user login cookies, which allows remote malicious users to gain access via cookie reuse.
Tiki Tikiwiki Cms\\/groupware 4.0
Tiki Tikiwiki Cms\\/groupware 4.1
445
VMScore
CVE-2006-6457
tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote malicious users to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message.
Tiki Tikiwiki Cms\\/groupware 1.9.5
Tiki Tikiwiki Cms\\/groupware 1.9.2
383
VMScore
CVE-2016-7394
tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie.
Tiki Tikiwiki Cms\\/groupware
312
VMScore
CVE-2018-14850
Stored XSS vulnerabilities in Tiki prior to 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image.
Tiki Tikiwiki Cms\\/groupware
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27842
CVE-2024-30657
CVE-2024-4534
hardcoded
SSRF
CVE-2024-21683
CVE-2024-5364
file upload
CVE-2024-5371
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »