VYPR
High severity8.0NVD Advisory· Published Sep 30, 2017· Updated Jun 17, 2026

CVE-2017-14924

CVE-2017-14924

Description

Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

22
  • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.0:*:*:*:lts:*:*:*+ 20 more
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.0:*:*:*:lts:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.10:*:*:*:lts:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.11:*:*:*:lts:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.1:*:*:*:lts:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.2:*:*:*:lts:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.3:*:*:*:lts:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.4:*:*:*:lts:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.5:*:*:*:lts:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.6:*:*:*:lts:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.7:*:*:*:lts:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.8:*:*:*:lts:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.9:*:*:*:lts:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:15.0:*:*:*:lts:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:15.1:*:*:*:lts:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:15.2:*:*:*:lts:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:15.3:*:*:*:lts:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:15.4:*:*:*:lts:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:16.0:*:*:*:*:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:16.1:*:*:*:*:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:16.2:*:*:*:*:*:*:*
    • cpe:2.3:a:tiki:tikiwiki_cms\/groupware:17.0:*:*:*:*:*:*:*
  • Tiki/Tikillm-fuzzy
    Range: <16.3, <17.1, <12.12 LTS, <15.5 LTS

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.