Published: 11/04/2004 Updated: 18/10/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 765

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Tiki CMS/Groupware (TikiWiki) 1.8.1 and previous versions allows remote malicious users to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tiki tikiwiki cms\\/groupware 1.6.1
tiki tikiwiki cms\\/groupware

source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload Use ...

TikiWiki Multiple Vulnerabilities Vendor: TikiWiki Project Product: TikiWiki Version: <= 181 Website: wwwtikiwikiorg/ BID: 10100 CVE: CVE-2004-1923 CVE-2004-1924 CVE-2004-1925 CVE-2004-1926 CVE-2004-1927 CVE-2004-1928 OSVDB: 5181 5182 5183 5184 5185 5186 5187 5188 5189 5190 5191 5192 5193 5194 5195 5196 5197 5198 5199 5200 5201 52 ...

source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload Di ...

CWE-94 http://tikiwiki.org/tiki-read_article.php?articleId=66 http://www.securityfocus.com/bid/10100 http://secunia.com/advisories/11344 http://marc.info/?l=bugtraq&m=108180073206947&w=2 https://nvd.nist.gov https://www.exploit-db.com/exploits/23950/

CVE-2004-1926

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect