Tikiwiki CMS\/groupware
Sign in to watchby Tiki
CVEs (56)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2007-5682 | 0.00 | — | 0.02 | Oct 26, 2007 | Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423. | ||
| CVE-2007-4554 | 0.00 | — | 0.00 | Aug 28, 2007 | Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7. | ||
| CVE-2006-6457 | 0.00 | — | 0.00 | Dec 11, 2006 | tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message. | ||
| CVE-2006-6168 | 0.00 | — | 0.06 | Nov 29, 2006 | tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email." | ||
| CVE-2006-6162 | 0.00 | — | 0.00 | Nov 29, 2006 | Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||
| CVE-2006-6163 | 0.00 | — | 0.00 | Nov 29, 2006 | Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters. | ||
| CVE-2006-4734 | 0.00 | — | 0.01 | Sep 13, 2006 | Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters. | ||
| CVE-2006-4299 | 0.00 | — | 0.01 | Aug 23, 2006 | Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||
| CVE-2006-3047 | 0.00 | — | 0.01 | Jun 16, 2006 | Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||
| CVE-2006-3048 | 0.00 | — | 0.01 | Jun 16, 2006 | SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||
| CVE-2005-3529 | 0.00 | — | 0.01 | Nov 20, 2005 | tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability. | ||
| CVE-2005-3528 | 0.00 | — | 0.01 | Nov 20, 2005 | Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter. | ||
| CVE-2005-1925 | 0.00 | — | 0.01 | Nov 18, 2005 | Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php. | ||
| CVE-2005-3283 | 0.00 | — | 0.01 | Oct 23, 2005 | Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||
| CVE-2005-0200 | 0.00 | — | 0.01 | May 2, 2005 | TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386. | ||
| CVE-2004-1386 | 0.00 | — | 0.01 | Dec 31, 2004 | TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200. |
Page 3 of 3