Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tiki vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-22852
Tiki up to and including 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.
Tiki Tiki
7.5
CVSSv2
CVE-2020-15906
tiki-login.php in Tiki prior to 21.2 sets the admin password to a blank value after 50 invalid login attempts.
Tiki Tiki
1 Github repository
4.3
CVSSv2
CVE-2011-4455
Multiple cross-site scripting vulnerabilities in Tiki 7.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php.
Tiki Tiki
4.3
CVSSv2
CVE-2020-16131
Tiki prior to 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.
Tiki Tiki
6
CVSSv2
CVE-2011-4558
Tiki 8.2 and previous versions allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
Tiki Tiki
1 EDB exploit
NA
CVE-2023-22853
Tiki prior to 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval.
Tiki Tiki
7.5
CVSSv2
CVE-2006-6168
tiki-register.php in TikiWiki prior to 1.9.7 allows remote malicious users to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email."
Tiki Tikiwiki Cms\\/groupware 1.9.4
Tiki Tikiwiki Cms\\/groupware 1.9.2
Tiki Tikiwiki Cms\\/groupware 1.9.0
Tiki Tikiwiki Cms\\/groupware
Tiki Tikiwiki Cms\\/groupware 1.9.1
Tiki Tikiwiki Cms\\/groupware 1.9.5
Tiki Tikiwiki Cms\\/groupware 1.9.3
Tiki Tikiwiki Cms\\/groupware 1.6.1
4.3
CVSSv2
CVE-2006-6163
Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki prior to 1.9.7 allows remote malicious users to inject arbitrary JavaScript via unspecified parameters.
Tiki Tikiwiki Cms\\/groupware 1.9.2
Tiki Tikiwiki Cms\\/groupware 1.9.0
Tiki Tikiwiki Cms\\/groupware
Tiki Tikiwiki Cms\\/groupware 1.9.5
Tiki Tikiwiki Cms\\/groupware 1.9.4
Tiki Tikiwiki Cms\\/groupware 1.6.1
Tiki Tikiwiki Cms\\/groupware 1.9.3
Tiki Tikiwiki Cms\\/groupware 1.9.1
6.5
CVSSv2
CVE-2018-7304
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Crea...
Tiki Tiki 17.1
3.5
CVSSv2
CVE-2018-7302
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.
Tiki Tiki 17.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »