Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki prior to 16.3, 17.x prior to 17.1, 12 LTS prior to 12.12 LTS, and 15 LTS prior to 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
tiki tikiwiki cms\\/groupware 15.0 |
||
tiki tikiwiki cms\\/groupware 12.2 |
||
tiki tikiwiki cms\\/groupware 12.4 |
||
tiki tikiwiki cms\\/groupware 12.9 |
||
tiki tikiwiki cms\\/groupware 12.11 |
||
tiki tikiwiki cms\\/groupware 15.2 |
||
tiki tikiwiki cms\\/groupware 15.3 |
||
tiki tikiwiki cms\\/groupware 15.4 |
||
tiki tikiwiki cms\\/groupware 12.0 |
||
tiki tikiwiki cms\\/groupware 16.0 |
||
tiki tikiwiki cms\\/groupware 16.1 |
||
tiki tikiwiki cms\\/groupware 16.2 |
||
tiki tikiwiki cms\\/groupware 12.5 |
||
tiki tikiwiki cms\\/groupware 12.6 |
||
tiki tikiwiki cms\\/groupware 12.7 |
||
tiki tikiwiki cms\\/groupware 12.8 |
||
tiki tikiwiki cms\\/groupware 15.1 |
||
tiki tikiwiki cms\\/groupware 12.1 |
||
tiki tikiwiki cms\\/groupware 12.3 |
||
tiki tikiwiki cms\\/groupware 12.10 |
||
tiki tikiwiki cms\\/groupware 17.0 |
Vulmon