Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki prior to 16.3, 17.x prior to 17.1, 12 LTS prior to 12.12 LTS, and 15 LTS prior to 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
tiki tikiwiki cms\\/groupware 15.4 |
||
tiki tikiwiki cms\\/groupware 12.1 |
||
tiki tikiwiki cms\\/groupware 12.6 |
||
tiki tikiwiki cms\\/groupware 12.8 |
||
tiki tikiwiki cms\\/groupware 16.2 |
||
tiki tikiwiki cms\\/groupware 12.2 |
||
tiki tikiwiki cms\\/groupware 12.3 |
||
tiki tikiwiki cms\\/groupware 12.4 |
||
tiki tikiwiki cms\\/groupware 12.5 |
||
tiki tikiwiki cms\\/groupware 15.0 |
||
tiki tikiwiki cms\\/groupware 15.1 |
||
tiki tikiwiki cms\\/groupware 15.2 |
||
tiki tikiwiki cms\\/groupware 12.10 |
||
tiki tikiwiki cms\\/groupware 12.11 |
||
tiki tikiwiki cms\\/groupware 17.0 |
||
tiki tikiwiki cms\\/groupware 16.0 |
||
tiki tikiwiki cms\\/groupware 16.1 |
||
tiki tikiwiki cms\\/groupware 15.3 |
||
tiki tikiwiki cms\\/groupware 12.0 |
||
tiki tikiwiki cms\\/groupware 12.7 |
||
tiki tikiwiki cms\\/groupware 12.9 |
Vulmon