Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2004-1925

Published: 12/04/2004 Updated: 11/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 830
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Tiki

Vulnerability Summary

Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and previous versions allow remote malicious users to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php.

Vulnerable Product Search on Vulmon Subscribe to Product

tiki tikiwiki cms\\/groupware 1.6.1

tiki tikiwiki cms\\/groupware

Exploits

Exploit DB: TikiWiki Project 1.8 - 'tiki-directory_search.php?sort_mode' SQL Injection
source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file ...
Exploit DB: TikiWiki Project 1.8 - 'tiki-user_tasks.php?offset & sort_mode' SQL Injections
source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file ...
Exploit DB: TikiWiki Project 1.8 - 'tiki-list_blogs.php?offset' SQL Injection
source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file ...
Exploit DB: TikiWiki Project 1.8 - 'tiki-list_file_gallery.php?sort_mode' SQL Injection
source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upl ...
Exploit DB: TikiWiki Project 1.8 - 'tiki-file_galleries.php?sort_mode' SQL Injection
source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file ...
Exploit DB: TikiWiki Project 1.8 - 'tiki-usermenu.php?offset' SQL Injection
source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file u ...
Exploit DB: TikiWiki < 1.8.1 - Multiple Vulnerabilities
TikiWiki Multiple Vulnerabilities Vendor: TikiWiki Project Product: TikiWiki Version: &lt;= 181 Website: wwwtikiwikiorg/ BID: 10100 CVE: CVE-2004-1923 CVE-2004-1924 CVE-2004-1925 CVE-2004-1926 CVE-2004-1927 CVE-2004-1928 OSVDB: 5181 5182 5183 5184 5185 5186 5187 5188 5189 5190 5191 5192 5193 5194 5195 5196 5197 5198 5199 5200 5201 52 ...
Exploit DB: TikiWiki Project 1.8 - 'tiki-browse_categories.php?sort_mode' SQL Injection
source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file up ...
Exploit DB: TikiWiki Project 1.8 - 'tiki-index.php?comments_offset & offset' SQL Injections
source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file u ...
Exploit DB: TikiWiki Project 1.8 - 'tiki-list_blogs.php?sort_mode' SQL Injection
source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file u ...
Exploit DB: TikiWiki Project 1.8 - 'tiki-list_faqs.php?offset' SQL Injection
source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file ...
Exploit DB: TikiWiki Project 1.8 - 'tiki-list_trackers.php?sort_mode' SQL Injection
source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file u ...
Exploit DB: TikiWiki Project 1.8 - 'tiki-list_trackers.php?offset' SQL Injection
source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file ...
Exploit DB: TikiWiki Project 1.8 - 'tiki-directory_ranking.php?sort_mode' SQL Injection
source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upl ...
Exploit DB: TikiWiki Project 1.8 - 'tiki-usermenu.php?sort_mode' SQL Injection
source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file uplo ...
Exploit DB: TikiWiki Project 1.8 - 'tiki-list_faqs.php?sort_mode' SQL Injection
source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file u ...

References

CWE-89http://tikiwiki.org/tiki-read_article.php?articleId=66http://www.securityfocus.com/bid/10100http://secunia.com/advisories/11344http://marc.info/?l=bugtraq&m=108180073206947&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/15845https://nvd.nist.govhttps://www.exploit-db.com/exploits/23973/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook