Unrated severityNVD Advisory· Published Mar 27, 2010· Updated Apr 29, 2026

CVE-2010-1136

Description

The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.

Affected products

Tiki/Tikiwiki CMS\/groupware5 versions
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/38882nvdVendor Advisory
info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releasesnvd
osvdb.org/62801nvd
tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.phpnvd
tikiwiki.svn.sourceforge.net/viewvc/tikiwikinvd
www.securityfocus.com/bid/38608nvd
exchange.xforce.ibmcloud.com/vulnerabilities/56771nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000