The Standard Remember method in TikiWiki CMS/Groupware 3.x prior to 3.5 allows remote malicious users to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tiki tikiwiki cms/groupware 3.2 |
||
tiki tikiwiki cms/groupware 3.1 |
||
tiki tikiwiki cms/groupware 3.0 |
||
tiki tikiwiki cms/groupware 3.3 |
||
tiki tikiwiki cms/groupware 3.4 |