VYPR

Tikiwiki CMS\/groupware

by Tiki

Source repositories

CVEs (71)

  • CVE-2006-6162Nov 29, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third…

  • CVE-2006-4734Sep 13, 2006
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters.

  • CVE-2006-4299Aug 23, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party…

  • CVE-2006-3048Jun 16, 2006
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

  • CVE-2006-3047Jun 16, 2006
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

  • CVE-2005-3529Nov 20, 2005
    risk 0.00cvss epss 0.01

    tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability.

  • CVE-2005-3528Nov 20, 2005
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter.

  • CVE-2005-1925Nov 18, 2005
    risk 0.00cvss epss 0.03

    Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php.

  • CVE-2005-3283Oct 23, 2005
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2005-0200May 2, 2005
    risk 0.00cvss epss 0.02

    TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386.

  • CVE-2004-1386Dec 31, 2004
    risk 0.00cvss epss 0.02

    TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200.

Page 4 of 4