VYPR

Tiki

by Tiki

CVEs (54)

  • CVE-2023-22851 (Jan 14, 2023)
    risk 0.00 cvss epss 0.01

    Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call.

  • CVE-2023-22852 (Jan 14, 2023)
    risk 0.00 cvss epss 0.00

    Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.

  • CVE-2023-22850 (Jan 14, 2023)
    risk 0.00 cvss epss 0.01

    Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call.

  • CVE-2021-36550 (Oct 28, 2021)
    risk 0.00 cvss epss 0.00

    TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module.

  • CVE-2020-29254 (Dec 11, 2020)
    risk 0.00 cvss epss 0.01

    TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF…

  • CVE-2020-16131 (Aug 3, 2020)
    risk 0.00 cvss epss 0.01

    Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.

  • CVE-2013-6022 (Feb 12, 2020)
    risk 0.00 cvss epss 0.01

    A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMS Groupware 11.0 via the id parameter to ZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.

  • CVE-2011-4455 (Nov 20, 2019)
    risk 0.00 cvss epss 0.01

    Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php.

  • CVE-2019-15314 (Aug 22, 2019)
    risk 0.00 cvss epss 0.01

    tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.

  • CVE-2018-20719 (Jan 15, 2019)
    risk 0.00 cvss epss 0.01

    In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.

  • CVE-2003-1574 (Aug 24, 2009)
    risk 0.00 cvss epss 0.02

    TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information.

  • CVE-2008-5319 (Dec 3, 2008)
    risk 0.00 cvss epss 0.01

    Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653.

  • CVE-2008-5318 (Dec 3, 2008)
    risk 0.00 cvss epss 0.01

    Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653.

  • CVE-2008-3654 (Aug 13, 2008)
    risk 0.00 cvss epss 0.01

    Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.

  • CVE-2008-1047 (Feb 27, 2008)
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-6526 (Dec 27, 2007)
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.

  • CVE-2007-6529 (Dec 27, 2007)
    risk 0.00 cvss epss 0.02

    Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php.

  • CVE-2007-5682 (Oct 26, 2007)
    risk 0.00 cvss epss 0.03

    Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than…

  • CVE-2007-5683 (Oct 26, 2007)
    risk 0.00 cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the…

  • CVE-2007-4554 (Aug 28, 2007)
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7.