Vulmon
tiki tiki vulnerabilities and exploits
4.3
CVSSv2
CVE-2011-4336
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
Tiki Tikiwiki Cms/groupware
1 EDB exploit
5
CVSSv2
CVE-2008-5318
Unspecified vulnerability in Tikiwiki prior to 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653.
Tiki Tikiwiki Cms/groupware
7.5
CVSSv2
CVE-2003-1574
TikiWiki 1.6.1 allows remote malicious users to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information.
Tiki Tikiwiki Cms/groupware 1.6.1
5
CVSSv2
CVE-2006-5702
Tikiwiki 1.9.5 allows remote malicious users to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_ad...
Tiki Tikiwiki Cms/groupware 1.9.5
1 EDB exploit
7.5
CVSSv2
CVE-2006-4602
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and previous versions allows remote malicious users to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.
Tiki Tikiwiki Cms/groupware 1.9.4
2 EDB exploits
3.5
CVSSv2
CVE-2021-36551
TikiWiki v21.4 contains a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module.
Tiki Tikiwiki Cms/groupware 21.4
5
CVSSv2
CVE-2016-10143
A vulnerability in Tiki Wiki CMS 15.2 could allow a remote malicious user to read arbitrary files on a targeted system via a crafted pathname in a banner URL field.
Tiki Tikiwiki Cms/groupware 15.2
3.5
CVSSv2
CVE-2019-15314
tiki/tiki-upload_file.php in Tiki 18.4 allows remote malicious users to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
Tiki Tikiwiki Cms/groupware 18.4
7.5
CVSSv2
CVE-2006-4734
Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote malicious users to execute arbitrary SQL commands via the (1) pid and (2) where parameters.
Tiki Tikiwiki Cms/groupware 1.9.4
4.3
CVSSv2
CVE-2006-4299
Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote malicious users to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party info...
Tiki Tikiwiki Cms/groupware 1.9.4