Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tikiwiki cms groupware vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2004-1928
The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and previous versions allows remote malicious users to upload and possibly execute arbitrary files via the img/wiki_up URL.
Tiki Tikiwiki Cms\\/groupware 1.6.1
Tiki Tikiwiki Cms\\/groupware
2 EDB exploits
4.3
CVSSv2
CVE-2004-1924
Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu...
Tiki Tikiwiki Cms\\/groupware 1.6.1
Tiki Tikiwiki Cms\\/groupware
12 EDB exploits
7.5
CVSSv2
CVE-2004-1925
Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and previous versions allow remote malicious users to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php,...
Tiki Tikiwiki Cms\\/groupware 1.6.1
Tiki Tikiwiki Cms\\/groupware
16 EDB exploits
5
CVSSv2
CVE-2004-1927
Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and previous versions allows remote malicious users to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter.
Tiki Tikiwiki Cms\\/groupware 1.6.1
Tiki Tikiwiki Cms\\/groupware
2 EDB exploits
7.5
CVSSv2
CVE-2010-1135
The user_logout function in TikiWiki CMS/Groupware 4.x prior to 4.2 does not properly delete user login cookies, which allows remote malicious users to gain access via cookie reuse.
Tiki Tikiwiki Cms\\/groupware 4.0
Tiki Tikiwiki Cms\\/groupware 4.1
5
CVSSv2
CVE-2006-6457
tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote malicious users to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message.
Tiki Tikiwiki Cms\\/groupware 1.9.5
Tiki Tikiwiki Cms\\/groupware 1.9.2
7.5
CVSSv2
CVE-2010-1133
Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x prior to 4.2 allow remote malicious users to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php.
Tiki Tikiwiki Cms\\/groupware 4.0
Tiki Tikiwiki Cms\\/groupware 4.1
3.5
CVSSv2
CVE-2018-14849
Tiki prior to 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php.
Tiki Tikiwiki Cms\\/groupware
3.5
CVSSv2
CVE-2018-14850
Stored XSS vulnerabilities in Tiki prior to 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image.
Tiki Tikiwiki Cms\\/groupware
3.5
CVSSv2
CVE-2018-7188
An XSS vulnerability (via an SVG image) in Tiki prior to 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
Tiki Tikiwiki Cms\\/groupware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »