High severity (8.8) · OSV Advisory · Published Feb 21, 2018 · Updated Jun 17, 2026
CVE-2018-7304
Description
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation.
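A defensive illustration of the missing validation, added here as an example and not taken from Tiki's code or its fix: it assumes user-supplied fields such as the login name are later exported to CSV, and neutralizes cells that a spreadsheet would evaluate. The function names, column names and sample accounts are constructed, and the trigger characters follow OWASP's CSV injection guidance.

```python
import csv
import io

# Leading characters that make a spreadsheet treat a cell as a formula/DDE call.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def _is_plain_number(text):
    """Signed numbers such as -5 are harmless and should stay numeric."""
    try:
        float(text)
        return True
    except ValueError:
        return False


def neutralize_cell(value):
    """Return the value as inert text for spreadsheet applications."""
    text = "" if value is None else str(value)
    # Some parsers skip leading spaces, so test the first non-space character.
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS) and not _is_plain_number(text):
        return "'" + text  # a leading apostrophe forces the cell to plain text
    return text


def export_users(rows, sanitize=True):
    """Write a user list as CSV; sanitize=False reproduces the unsafe export."""
    buf = io.StringIO()
    # Quoting alone is not a defence: spreadsheets still evaluate quoted cells.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["login", "email"])  # hypothetical column names
    for row in rows:
        writer.writerow([neutralize_cell(c) if sanitize else c for c in row])
    return buf.getvalue()


def first_cells(csv_text):
    """Parse the CSV back and return the login column without the header."""
    return [row[0] for row in csv.reader(io.StringIO(csv_text))][1:]


# Constructed sample: one ordinary account and one whose login is the
# payload quoted in the description above.
SAMPLE_USERS = [
    ["alice", "alice@example.org"],
    ["=cmd|' /C calc'!A0", "mallory@example.org"],
]

if __name__ == "__main__":
    print(export_users(SAMPLE_USERS, sanitize=False))
    print(export_users(SAMPLE_USERS))
```

Rejecting such characters at account creation is the stricter option; neutralizing at export time also covers values already stored.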
Affected products
- Range: 17.0, 17.0alpha, 17.0beta, …
References
- websecnerd.blogspot.in/2018/01/tiki-wiki-cms-groupware-17.html (nvd: Exploit, Third Party Advisory)