TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | * |
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 1.6.1 |
| tiki | tikiwiki_cms/groupware | * |
Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 1.6.1 |
| tiki | tikiwiki_cms/groupware | * |
Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 1.6.1 |
| tiki | tikiwiki_cms/groupware | * |
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 1.6.1 |
| tiki | tikiwiki_cms/groupware | * |
Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 1.6.1 |
| tiki | tikiwiki_cms/groupware | * |
The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 1.6.1 |
| tiki | tikiwiki_cms/groupware | * |
TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | * |
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gggeek | phpxmlrpc | * |
| debian | debian_linux | 3.1 |
| php | xml_rpc | * |
| drupal | drupal | * |
| tiki | tikiwiki_cms/groupware | * |
Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 1.6.1 |
| tiki | tikiwiki_cms/groupware | 1.9.0 |
| tiki | tikiwiki_cms/groupware | * |
Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 1.9.0 |
| tiki | tikiwiki_cms/groupware | * |
Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 1.9.1 |
| tiki | tikiwiki_cms/groupware | 1.9.0 |
| tiki | tikiwiki_cms/groupware | 1.9.2 |
tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 1.9.1 |
| tiki | tikiwiki_cms/groupware | 1.9.0 |
| tiki | tikiwiki_cms/groupware | 1.9.2 |
Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) "Assign new module" and (16) "Create new user module" in (k) tiki-admin_modules.php, (17) an unspecified field in "Add notification" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in "Create new template" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 1.9.1 |
| tiki | tikiwiki_cms/groupware | 1.9.10 |
| tiki | tikiwiki_cms/groupware | 1.9.8 |
| tiki | tikiwiki_cms/groupware | 1.9.3 |
| tiki | tikiwiki_cms/groupware | 1.9.5 |
| tiki | tikiwiki_cms/groupware | 1.9.0 |
| tiki | tikiwiki_cms/groupware | 1.9.9 |
| tiki | tikiwiki_cms/groupware | 1.9.8.1 |
| tiki | tikiwiki_cms/groupware | 1.9.3.2 |
| tiki | tikiwiki_cms/groupware | 1.9.6 |
| tiki | tikiwiki_cms/groupware | 1.9.11 |
| tiki | tikiwiki_cms/groupware | 1.9.7 |
| tiki | tikiwiki_cms/groupware | 1.9.2 |
| tiki | tikiwiki_cms/groupware | 1.9.3.1 |
| tiki | tikiwiki_cms/groupware | 1.9.4 |
Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 1.9.1 |
| tiki | tikiwiki_cms/groupware | 1.9.3 |
| tiki | tikiwiki_cms/groupware | 1.9.0 |
| tiki | tikiwiki_cms/groupware | 1.9.2 |
| tiki | tikiwiki_cms/groupware | * |
SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 1.9.1 |
| tiki | tikiwiki_cms/groupware | 1.9.3 |
| tiki | tikiwiki_cms/groupware | 1.9.0 |
| tiki | tikiwiki_cms/groupware | 1.9.2 |
| tiki | tikiwiki_cms/groupware | * |
Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 4.1 |
| tiki | tikiwiki_cms/groupware | 4.0 |
SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 3.2 |
| tiki | tikiwiki_cms/groupware | 3.3 |
| tiki | tikiwiki_cms/groupware | 3.0 |
| tiki | tikiwiki_cms/groupware | 3.4 |
| tiki | tikiwiki_cms/groupware | 3.1 |
The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 4.1 |
| tiki | tikiwiki_cms/groupware | 4.0 |
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 3.2 |
| tiki | tikiwiki_cms/groupware | 3.3 |
| tiki | tikiwiki_cms/groupware | 3.0 |
| tiki | tikiwiki_cms/groupware | 3.4 |
| tiki | tikiwiki_cms/groupware | 3.1 |
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | * |
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 7.2 |
| tiki | tikiwiki_cms/groupware | 2.2 |
| tiki | tikiwiki_cms/groupware | 3.2 |
| tiki | tikiwiki_cms/groupware | 8.0 |
| tiki | tikiwiki_cms/groupware | 5.1 |
| tiki | tikiwiki_cms/groupware | 7.1 |
| tiki | tikiwiki_cms/groupware | 4 |
| tiki | tikiwiki_cms/groupware | 3.0 |
| tiki | tikiwiki_cms/groupware | 4.2 |
| tiki | tikiwiki_cms/groupware | 5.3 |
| tiki | tikiwiki_cms/groupware | 4.0 |
| tiki | tikiwiki_cms/groupware | * |
| tiki | tikiwiki_cms/groupware | 6.2 |
| tiki | tikiwiki_cms/groupware | 3.1 |
| tiki | tikiwiki_cms/groupware | 8.1 |
| tiki | tikiwiki_cms/groupware | 5.0 |
| tiki | tikiwiki_cms/groupware | 7.0 |
| tiki | tikiwiki_cms/groupware | 6.1 |
| tiki | tikiwiki_cms/groupware | 5.2 |
| tiki | tikiwiki_cms/groupware | 3.4 |
| tiki | tikiwiki_cms/groupware | 3.5 |
| tiki | tikiwiki_cms/groupware | 6.0 |
| tiki | tikiwiki_cms/groupware | 4.1 |
| tiki | tikiwiki_cms/groupware | 3.3 |
Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 9.0 |
| tiki | tikiwiki_cms/groupware | 10.0 |
| tiki | tikiwiki_cms/groupware | 10.3 |
| tiki | tikiwiki_cms/groupware | 9.4 |
| tiki | tikiwiki_cms/groupware | 6.8 |
| tiki | tikiwiki_cms/groupware | 9.5 |
| tiki | tikiwiki_cms/groupware | 6.12 |
| tiki | tikiwiki_cms/groupware | 10.2 |
| tiki | tikiwiki_cms/groupware | 6.9 |
| tiki | tikiwiki_cms/groupware | 9.3 |
| tiki | tikiwiki_cms/groupware | 6.11 |
| tiki | tikiwiki_cms/groupware | 6.10 |
| tiki | tikiwiki_cms/groupware | 9.1 |
| tiki | tikiwiki_cms/groupware | 11.0 |
| tiki | tikiwiki_cms/groupware | 9.2 |
| tiki | tikiwiki_cms/groupware | 9.6 |
| tiki | tikiwiki_cms/groupware | 10.1 |
SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 9.0 |
| tiki | tikiwiki_cms/groupware | 10.0 |
| tiki | tikiwiki_cms/groupware | 10.3 |
| tiki | tikiwiki_cms/groupware | 9.4 |
| tiki | tikiwiki_cms/groupware | 6.8 |
| tiki | tikiwiki_cms/groupware | 9.5 |
| tiki | tikiwiki_cms/groupware | 6.12 |
| tiki | tikiwiki_cms/groupware | 10.2 |
| tiki | tikiwiki_cms/groupware | 6.9 |
| tiki | tikiwiki_cms/groupware | 9.3 |
| tiki | tikiwiki_cms/groupware | 6.11 |
| tiki | tikiwiki_cms/groupware | 6.10 |
| tiki | tikiwiki_cms/groupware | 9.1 |
| tiki | tikiwiki_cms/groupware | 11.0 |
| tiki | tikiwiki_cms/groupware | 9.2 |
| tiki | tikiwiki_cms/groupware | 9.6 |
| tiki | tikiwiki_cms/groupware | 10.1 |
A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | * |
A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 15.2 |
tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | * |
Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.php and article_image.php. The impact is XSS.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 12.1 |
| tiki | tikiwiki_cms/groupware | 12.2 |
| tiki | tikiwiki_cms/groupware | 12.3 |
| tiki | tikiwiki_cms/groupware | 12.8 |
| tiki | tikiwiki_cms/groupware | 12.9 |
| tiki | tikiwiki_cms/groupware | 16.0 |
| tiki | tikiwiki_cms/groupware | 15.1 |
| tiki | tikiwiki_cms/groupware | 15.0 |
| tiki | tikiwiki_cms/groupware | 12.0 |
| tiki | tikiwiki_cms/groupware | 12.6 |
| tiki | tikiwiki_cms/groupware | 15.2 |
| tiki | tikiwiki_cms/groupware | 12.5 |
| tiki | tikiwiki_cms/groupware | 12.4 |
| tiki | tikiwiki_cms/groupware | 12.7 |
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 12.1 |
| tiki | tikiwiki_cms/groupware | 15.4 |
| tiki | tikiwiki_cms/groupware | 17.0 |
| tiki | tikiwiki_cms/groupware | 16.1 |
| tiki | tikiwiki_cms/groupware | 12.2 |
| tiki | tikiwiki_cms/groupware | 12.3 |
| tiki | tikiwiki_cms/groupware | 12.8 |
| tiki | tikiwiki_cms/groupware | 12.10 |
| tiki | tikiwiki_cms/groupware | 12.9 |
| tiki | tikiwiki_cms/groupware | 16.0 |
| tiki | tikiwiki_cms/groupware | 15.1 |
| tiki | tikiwiki_cms/groupware | 12.11 |
| tiki | tikiwiki_cms/groupware | 15.0 |
| tiki | tikiwiki_cms/groupware | 12.0 |
| tiki | tikiwiki_cms/groupware | 16.2 |
| tiki | tikiwiki_cms/groupware | 12.6 |
| tiki | tikiwiki_cms/groupware | 15.3 |
| tiki | tikiwiki_cms/groupware | 15.2 |
| tiki | tikiwiki_cms/groupware | 12.5 |
| tiki | tikiwiki_cms/groupware | 12.4 |
| tiki | tikiwiki_cms/groupware | 12.7 |
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 12.1 |
| tiki | tikiwiki_cms/groupware | 15.4 |
| tiki | tikiwiki_cms/groupware | 17.0 |
| tiki | tikiwiki_cms/groupware | 16.1 |
| tiki | tikiwiki_cms/groupware | 12.2 |
| tiki | tikiwiki_cms/groupware | 12.3 |
| tiki | tikiwiki_cms/groupware | 12.8 |
| tiki | tikiwiki_cms/groupware | 12.10 |
| tiki | tikiwiki_cms/groupware | 12.9 |
| tiki | tikiwiki_cms/groupware | 16.0 |
| tiki | tikiwiki_cms/groupware | 15.1 |
| tiki | tikiwiki_cms/groupware | 12.11 |
| tiki | tikiwiki_cms/groupware | 15.0 |
| tiki | tikiwiki_cms/groupware | 12.0 |
| tiki | tikiwiki_cms/groupware | 16.2 |
| tiki | tikiwiki_cms/groupware | 12.6 |
| tiki | tikiwiki_cms/groupware | 15.3 |
| tiki | tikiwiki_cms/groupware | 15.2 |
| tiki | tikiwiki_cms/groupware | 12.5 |
| tiki | tikiwiki_cms/groupware | 12.4 |
| tiki | tikiwiki_cms/groupware | 12.7 |
TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 14.0 |
| tiki | tikiwiki_cms/groupware | 12.1 |
| tiki | tikiwiki_cms/groupware | 15.4 |
| tiki | tikiwiki_cms/groupware | 16.1 |
| tiki | tikiwiki_cms/groupware | 12.2 |
| tiki | tikiwiki_cms/groupware | 12.3 |
| tiki | tikiwiki_cms/groupware | 12.8 |
| tiki | tikiwiki_cms/groupware | 12.9 |
| tiki | tikiwiki_cms/groupware | 16.0 |
| tiki | tikiwiki_cms/groupware | 15.1 |
| tiki | tikiwiki_cms/groupware | 14.1 |
| tiki | tikiwiki_cms/groupware | 15.0 |
| tiki | tikiwiki_cms/groupware | 13.2 |
| tiki | tikiwiki_cms/groupware | 13.0 |
| tiki | tikiwiki_cms/groupware | 12.0 |
| tiki | tikiwiki_cms/groupware | 16.2 |
| tiki | tikiwiki_cms/groupware | 12.6 |
| tiki | tikiwiki_cms/groupware | 15.3 |
| tiki | tikiwiki_cms/groupware | 15.2 |
| tiki | tikiwiki_cms/groupware | 12.5 |
| tiki | tikiwiki_cms/groupware | 12.4 |
| tiki | tikiwiki_cms/groupware | 12.7 |
| tiki | tikiwiki_cms/groupware | 13.1 |
lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 16.2 |
Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | * |
Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | * |
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | * |
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | * |
Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 18.0 |
| tiki | tikiwiki_cms/groupware | * |
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tiki | 17.1 |
The Calendar component in Tiki 17.1 allows HTML injection.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 17.1 |
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-1236,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tiki | 17.1 |
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 18.4 |
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-307,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tiki | * |
Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tiki | * |
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These action include allowing attackers to submit their own code through an authenticated user resulting in local file Inclusion. If an authenticated user who is able to edit TikiWiki templates visits an malicious website, template code can be edited.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 21.2 |
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve-coordination@incibe.es | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-80,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | * |
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 21.4 |
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | 21.4 |
Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tiki | * |
Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tiki | * |
Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tiki | * |
Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tiki | * |
A Cross-Site Scripting (XSS) vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tiki | * |
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the POST request data zipPath of tiki-admin_system.php in Tiki version 21.2. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tiki | * |
Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tiki | * |
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tiki | * |
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tiki | * |
Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tiki | * |
An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows remote attackers to upload and execute malicious PHP scripts in the context of the web server. The vulnerable component does not enforce file type validation, allowing attackers to craft a POST request to upload executable PHP payloads through the ELFinder interface exposed at /vendor_extra/elfinder/.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tiki | tikiwiki_cms/groupware | * |