Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tiki vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2011-4558
Tiki 8.2 and previous versions allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
Tiki Tiki
1 EDB exploit
668
VMScore
CVE-2020-15906
tiki-login.php in Tiki prior to 21.2 sets the admin password to a blank value after 50 invalid login attempts.
Tiki Tiki
1 Github repository
NA
CVE-2023-22850
Tiki prior to 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call.
Tiki Tiki
NA
CVE-2023-22851
Tiki prior to 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call.
Tiki Tiki
NA
CVE-2023-22852
Tiki up to and including 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.
Tiki Tiki
NA
CVE-2023-22853
Tiki prior to 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval.
Tiki Tiki
383
VMScore
CVE-2006-6163
Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki prior to 1.9.7 allows remote malicious users to inject arbitrary JavaScript via unspecified parameters.
Tiki Tikiwiki Cms\\/groupware 1.9.2
Tiki Tikiwiki Cms\\/groupware 1.9.0
Tiki Tikiwiki Cms\\/groupware
Tiki Tikiwiki Cms\\/groupware 1.9.5
Tiki Tikiwiki Cms\\/groupware 1.9.4
Tiki Tikiwiki Cms\\/groupware 1.6.1
Tiki Tikiwiki Cms\\/groupware 1.9.3
Tiki Tikiwiki Cms\\/groupware 1.9.1
668
VMScore
CVE-2006-6168
tiki-register.php in TikiWiki prior to 1.9.7 allows remote malicious users to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email."
Tiki Tikiwiki Cms\\/groupware 1.9.4
Tiki Tikiwiki Cms\\/groupware 1.9.2
Tiki Tikiwiki Cms\\/groupware 1.9.0
Tiki Tikiwiki Cms\\/groupware
Tiki Tikiwiki Cms\\/groupware 1.9.1
Tiki Tikiwiki Cms\\/groupware 1.9.5
Tiki Tikiwiki Cms\\/groupware 1.9.3
Tiki Tikiwiki Cms\\/groupware 1.6.1
312
VMScore
CVE-2018-7302
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.
Tiki Tiki 17.1
578
VMScore
CVE-2018-7304
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Crea...
Tiki Tiki 17.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »