All the vulnerabilities related to tiki - tikiwiki_cms/groupware
cve-2004-1926
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Summary
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/10100 | vdb-entry, x_refsource_BID |
| http://marc.info/?l=bugtraq&m=108180073206947&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/11344 | third-party-advisory, x_refsource_SECUNIA |
| http://tikiwiki.org/tiki-read_article.php?articleId=66 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:07:49.157Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "10100", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040412 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11344" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-04-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "10100", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040412 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11344" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1926", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "10100", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040412 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11344" }, { "name": "http://tikiwiki.org/tiki-read_article.php?articleId=66", "refsource": "CONFIRM", "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1926", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:07:49.157Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-6528
Vulnerability from cvelistv5
Published
2007-12-27 22:00
Modified
2024-08-07 16:11
Summary
Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter.
References
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3484 | third-party-advisory, x_refsource_SREASON |
| http://tikiwiki.org/ReleaseProcess199 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/27008 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/485482/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/28225 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/28602 | third-party-advisory, x_refsource_SECUNIA |
| http://osvdb.org/41178 | vdb-entry, x_refsource_OSVDB |
| http://security.gentoo.org/glsa/glsa-200801-10.xml | vendor-advisory, x_refsource_GENTOO |
| https://www.exploit-db.com/exploits/4942 | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:11:06.046Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3484", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3484" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.org/ReleaseProcess199" }, { "name": "27008", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27008" }, { "name": "20071224 [ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/485482/100/0/threaded" }, { "name": "28225", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28225" }, { "name": "28602", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28602" }, { "name": "41178", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/41178" }, { "name": "GLSA-200801-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200801-10.xml" }, { "name": "4942", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/4942" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3484", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3484" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.org/ReleaseProcess199" }, { "name": "27008", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27008" }, { "name": "20071224 [ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/485482/100/0/threaded" }, { "name": "28225", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28225" }, { "name": "28602", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28602" }, { "name": "41178", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/41178" }, { "name": "GLSA-200801-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200801-10.xml" }, { "name": "4942", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/4942" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6528", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read 
arbitrary files via a .. (dot dot) and modified filename in the movie parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3484", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3484" }, { "name": "http://tikiwiki.org/ReleaseProcess199", "refsource": "CONFIRM", "url": "http://tikiwiki.org/ReleaseProcess199" }, { "name": "27008", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27008" }, { "name": "20071224 [ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/485482/100/0/threaded" }, { "name": "28225", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28225" }, { "name": "28602", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28602" }, { "name": "41178", "refsource": "OSVDB", "url": "http://osvdb.org/41178" }, { "name": "GLSA-200801-10", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200801-10.xml" }, { "name": "4942", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4942" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6528", "datePublished": "2007-12-27T22:00:00", "dateReserved": "2007-12-27T00:00:00", "dateUpdated": "2024-08-07T16:11:06.046Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1928
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Summary
The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15849 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/10100 | vdb-entry, x_refsource_BID |
| http://marc.info/?l=bugtraq&m=108180073206947&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/11344 | third-party-advisory, x_refsource_SECUNIA |
| http://tikiwiki.org/tiki-read_article.php?articleId=66 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:07:49.114Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "tikiwiki-file-upload(15849)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15849" }, { "name": "10100", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040412 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11344" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-04-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "tikiwiki-file-upload(15849)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15849" }, { "name": "10100", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040412 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11344" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1928", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "tikiwiki-file-upload(15849)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15849" }, { "name": "10100", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040412 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11344" }, { "name": "http://tikiwiki.org/tiki-read_article.php?articleId=66", "refsource": "CONFIRM", "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1928", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:07:49.114Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4714
Vulnerability from cvelistv5
Published
2013-11-06 11:00
Modified
2024-09-16 19:10
Summary
Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN81813850/index.html | third-party-advisory, x_refsource_JVN |
| http://info.tiki.org/article221-New-Versions-of-all-supported-versions-of-Tiki-Wiki-CMS-Groupware | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000099 | third-party-advisory, x_refsource_JVNDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:52:27.030Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#81813850", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN81813850/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://info.tiki.org/article221-New-Versions-of-all-supported-versions-of-Tiki-Wiki-CMS-Groupware" }, { "name": "JVNDB-2013-000099", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000099" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-11-06T11:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#81813850", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN81813850/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://info.tiki.org/article221-New-Versions-of-all-supported-versions-of-Tiki-Wiki-CMS-Groupware" }, { "name": "JVNDB-2013-000099", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000099" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-4714", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#81813850", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN81813850/index.html" }, { "name": "http://info.tiki.org/article221-New-Versions-of-all-supported-versions-of-Tiki-Wiki-CMS-Groupware", "refsource": "CONFIRM", "url": "http://info.tiki.org/article221-New-Versions-of-all-supported-versions-of-Tiki-Wiki-CMS-Groupware" }, { "name": "JVNDB-2013-000099", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000099" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-4714", "datePublished": "2013-11-06T11:00:00Z", "dateReserved": "2013-06-26T00:00:00Z", "dateUpdated": "2024-09-16T19:10:53.677Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20719
Vulnerability from cvelistv5
Published
2019-01-15 16:00
Modified
2024-08-05 12:12
Summary
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.
References
| URL | Tags |
|---|---|
| https://blog.ripstech.com/2018/scan-verify-patch-security-issues-in-minutes/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:28.320Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.ripstech.com/2018/scan-verify-patch-security-issues-in-minutes/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-01-15T00:00:00", "descriptions": [ { "lang": "en", "value": "In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-15T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blog.ripstech.com/2018/scan-verify-patch-security-issues-in-minutes/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20719", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.ripstech.com/2018/scan-verify-patch-security-issues-in-minutes/", "refsource": "MISC", "url": "https://blog.ripstech.com/2018/scan-verify-patch-security-issues-in-minutes/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20719", "datePublished": "2019-01-15T16:00:00", "dateReserved": "2019-01-15T00:00:00", "dateUpdated": "2024-08-05T12:12:28.320Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7188
Vulnerability from cvelistv5
Published
2018-02-16 18:00
Modified
2024-09-16 19:56
Summary
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
References
| URL | Tags |
|---|---|
| https://sourceforge.net/p/tikiwiki/code/65327 | x_refsource_MISC |
| http://openwall.com/lists/oss-security/2018/02/16/1 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:24:11.126Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceforge.net/p/tikiwiki/code/65327" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2018/02/16/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-16T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sourceforge.net/p/tikiwiki/code/65327" }, { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2018/02/16/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7188", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceforge.net/p/tikiwiki/code/65327", "refsource": "MISC", "url": "https://sourceforge.net/p/tikiwiki/code/65327" }, { "name": "http://openwall.com/lists/oss-security/2018/02/16/1", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2018/02/16/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7188", "datePublished": "2018-02-16T18:00:00Z", "dateReserved": "2018-02-16T00:00:00Z", "dateUpdated": "2024-09-16T19:56:07.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-15314
Vulnerability from cvelistv5
Published
2019-08-22 12:15
Modified
2024-08-05 00:42
Summary
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
References
| URL | Tags |
|---|---|
| https://pastebin.com/wEM7rnG7 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:42:03.726Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://pastebin.com/wEM7rnG7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display\u0026fileId= URI." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-22T12:15:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://pastebin.com/wEM7rnG7" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15314", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display\u0026fileId= URI." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://pastebin.com/wEM7rnG7", "refsource": "MISC", "url": "https://pastebin.com/wEM7rnG7" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15314", "datePublished": "2019-08-22T12:15:31", "dateReserved": "2019-08-21T00:00:00", "dateUpdated": "2024-08-05T00:42:03.726Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14850
Vulnerability from cvelistv5
Published
2018-08-13 17:00
Modified
2024-08-05 09:38
Summary
Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image.
References
| URL | Tags |
|---|---|
| https://sourceforge.net/p/tikiwiki/code/66990 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2018/08/02/1 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2018/08/02/2 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:38:14.040Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://sourceforge.net/p/tikiwiki/code/66990" }, { "name": "[oss-security] 20180802 Stored XSS vulnerabilities in Tiki \u003c= 18.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2018/08/02/1" }, { "name": "[oss-security] 20180802 Re: Stored XSS vulnerabilities in Tiki \u003c= 18.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2018/08/02/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-08-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-13T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://sourceforge.net/p/tikiwiki/code/66990" }, { "name": "[oss-security] 20180802 Stored XSS vulnerabilities in Tiki \u003c= 18.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2018/08/02/1" }, { "name": "[oss-security] 20180802 Re: Stored XSS vulnerabilities in Tiki \u003c= 18.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2018/08/02/2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14850", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceforge.net/p/tikiwiki/code/66990", "refsource": "CONFIRM", "url": "https://sourceforge.net/p/tikiwiki/code/66990" }, { "name": "[oss-security] 20180802 Stored XSS vulnerabilities in Tiki \u003c= 18.1", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2018/08/02/1" }, { "name": "[oss-security] 20180802 Re: Stored XSS vulnerabilities in Tiki \u003c= 18.1", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2018/08/02/2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14850", "datePublished": "2018-08-13T17:00:00", "dateReserved": "2018-08-02T00:00:00", "dateUpdated": "2024-08-05T09:38:14.040Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-36550
Vulnerability from cvelistv5
Published
2021-10-28 19:11
Modified
2024-08-04 00:54
Summary
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module.
References
▼ | URL | Tags |
---|---|---|
https://github.com/r0ck3t1973/xss_payload/issues/6 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:54:51.531Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/r0ck3t1973/xss_payload/issues/6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-28T19:11:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/r0ck3t1973/xss_payload/issues/6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-36550", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/r0ck3t1973/xss_payload/issues/6", "refsource": "MISC", "url": "https://github.com/r0ck3t1973/xss_payload/issues/6" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-36550", "datePublished": "2021-10-28T19:11:11", "dateReserved": "2021-07-12T00:00:00", "dateUpdated": "2024-08-04T00:54:51.531Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-5684
Vulnerability from cvelistv5
Published
2007-10-26 18:00
Modified
2024-08-07 15:39
Summary
Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language parameter to tiki-imexport_languages.php.
References
▼ | URL | Tags |
---|---|---|
http://info.tikiwiki.org/tiki-read_article.php?articleId=15 | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/482801/30/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:39:13.629Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" }, { "name": "20071025 TikiWiki \u003c= 1.9.8.1 Cross Site Scripting / Local File Inclusion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482801/30/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-10-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded \"..%2F\" sequences in the imp_language parameter to tiki-imexport_languages.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-12-21T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" }, { "name": "20071025 TikiWiki \u003c= 1.9.8.1 Cross Site Scripting / Local File Inclusion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/482801/30/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5684", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded \"..%2F\" sequences in the imp_language parameter to tiki-imexport_languages.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15", "refsource": "CONFIRM", "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" }, { "name": "20071025 TikiWiki \u003c= 1.9.8.1 Cross Site Scripting / Local File Inclusion", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482801/30/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5684", "datePublished": "2007-10-26T18:00:00", "dateReserved": "2007-10-26T00:00:00", "dateUpdated": "2024-08-07T15:39:13.629Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-1921
Vulnerability from cvelistv5
Published
2005-07-01 04:00
Modified
2024-08-07 22:06
Summary
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:06:57.671Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:350", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350" }, { "name": "DSA-789", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-789" }, { "name": "15947", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15947" }, { "name": "15852", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15852" }, { "name": "15944", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15944" }, { "name": "SUSE-SR:2005:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html" }, { "name": "15883", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15883" }, { "name": "15872", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15872" }, { "name": "15895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15895" }, { "name": "oval:org.mitre.oval:def:11294", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294" }, { "name": "1015336", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015336" }, { "name": "DSA-746", "tags": [ "vendor-advisory", 
"x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-746" }, { "name": "17674", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17674" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005" }, { "name": "ADV-2005-2827", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2827" }, { "name": "15917", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15917" }, { "name": "DSA-747", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-747" }, { "name": "SUSE-SA:2005:041", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_41_php_pear.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.hardened-php.net/advisory-022005.php" }, { "name": "SSRT051069", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/419064/100/0/threaded" }, { "name": "SUSE-SA:2005:051", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112605112027335\u0026w=2" }, { "name": "15957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15957" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ampache.org/announce/3_3_1_2.php" }, { "name": "15810", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15810" }, { "name": "GLSA-200507-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200507-01.xml" }, { 
"tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt" }, { "name": "14088", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14088" }, { "name": "16693", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16693" }, { "name": "20050629 Advisory 02/2005: Remote code execution in Serendipity", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112008638320145\u0026w=2" }, { "name": "20050629 [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112015336720867\u0026w=2" }, { "name": "GLSA-200507-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200507-07.xml" }, { "name": "15904", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15904" }, { "name": "15903", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15903" }, { "name": "SUSE-SA:2005:049", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_49_php.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=338803" }, { "name": "17440", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17440" }, { "name": "15922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15922" }, { "name": "15884", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/15884" }, { "name": "15916", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15916" }, { "name": "RHSA-2005:564", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-564.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://pear.php.net/package/XML_RPC/download/1.3.1" }, { "name": "16001", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16001" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/showfiles.php?group_id=87163" }, { "name": "MDKSA-2005:109", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:109" }, { "name": "GLSA-200507-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200507-06.xml" }, { "name": "DSA-745", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-745" }, { "name": "HPSBTU02083", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/419064/100/0/threaded" }, { "name": "15855", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15855" }, { "name": "16339", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16339" }, { "name": "18003", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18003" }, { "name": "15861", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15861" } ], "title": "CVE Program Container" } ], "cna": 
{ "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-06-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "oval:org.mitre.oval:def:350", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350" }, { "name": "DSA-789", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-789" }, { "name": "15947", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15947" }, { "name": "15852", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15852" }, { "name": "15944", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15944" }, { "name": "SUSE-SR:2005:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html" }, { "name": "15883", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15883" }, { "name": "15872", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/15872" }, { "name": "15895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15895" }, { "name": "oval:org.mitre.oval:def:11294", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294" }, { "name": "1015336", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015336" }, { "name": "DSA-746", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-746" }, { "name": "17674", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17674" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005" }, { "name": "ADV-2005-2827", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2827" }, { "name": "15917", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15917" }, { "name": "DSA-747", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-747" }, { "name": "SUSE-SA:2005:041", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_41_php_pear.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.hardened-php.net/advisory-022005.php" }, { "name": "SSRT051069", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/419064/100/0/threaded" }, { "name": "SUSE-SA:2005:051", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://marc.info/?l=bugtraq\u0026m=112605112027335\u0026w=2" }, { "name": "15957", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15957" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://www.ampache.org/announce/3_3_1_2.php" }, { "name": "15810", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15810" }, { "name": "GLSA-200507-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200507-01.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt" }, { "name": "14088", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14088" }, { "name": "16693", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16693" }, { "name": "20050629 Advisory 02/2005: Remote code execution in Serendipity", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112008638320145\u0026w=2" }, { "name": "20050629 [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112015336720867\u0026w=2" }, { "name": "GLSA-200507-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200507-07.xml" }, { "name": "15904", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15904" }, { "name": "15903", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15903" }, { "name": "SUSE-SA:2005:049", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_49_php.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=338803" }, { "name": "17440", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17440" }, { "name": "15922", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/15922" }, { "name": "15884", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15884" }, { "name": "15916", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15916" }, { "name": "RHSA-2005:564", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-564.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://pear.php.net/package/XML_RPC/download/1.3.1" }, { "name": "16001", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16001" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/showfiles.php?group_id=87163" }, { "name": "MDKSA-2005:109", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:109" }, { "name": "GLSA-200507-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200507-06.xml" }, { "name": "DSA-745", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-745" }, { "name": "HPSBTU02083", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/419064/100/0/threaded" }, { "name": "15855", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15855" }, { "name": "16339", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16339" }, { "name": "18003", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18003" }, { "name": "15861", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15861" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-1921", 
"datePublished": "2005-07-01T04:00:00", "dateReserved": "2005-06-08T00:00:00", "dateUpdated": "2024-08-07T22:06:57.671Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-29254
Vulnerability from cvelistv5
Published
2020-12-11 15:11
Modified
2024-08-04 16:48
Summary
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include allowing attackers to submit their own code through an authenticated user, resulting in local file inclusion. If an authenticated user who is able to edit TikiWiki templates visits a malicious website, template code can be edited.
References
▼ | URL | Tags |
---|---|---|
https://youtu.be/Uc3sRBitu50 | x_refsource_MISC | |
https://github.com/S1lkys/CVE-2020-29254 | x_refsource_MISC | |
https://github.com/S1lkys/CVE-2020-29254/blob/main/Tiki-Wiki%2021.2%20by%20Maximilian%20Barz.pdf | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:48:01.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://youtu.be/Uc3sRBitu50" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/S1lkys/CVE-2020-29254" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/S1lkys/CVE-2020-29254/blob/main/Tiki-Wiki%2021.2%20by%20Maximilian%20Barz.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These action include allowing attackers to submit their own code through an authenticated user resulting in local file Inclusion. If an authenticated user who is able to edit TikiWiki templates visits an malicious website, template code can be edited." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-11T15:11:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://youtu.be/Uc3sRBitu50" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/S1lkys/CVE-2020-29254" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/S1lkys/CVE-2020-29254/blob/main/Tiki-Wiki%2021.2%20by%20Maximilian%20Barz.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-29254", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These action include allowing attackers to submit their own code through an authenticated user resulting in local file Inclusion. If an authenticated user who is able to edit TikiWiki templates visits an malicious website, template code can be edited." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://youtu.be/Uc3sRBitu50", "refsource": "MISC", "url": "https://youtu.be/Uc3sRBitu50" }, { "name": "https://github.com/S1lkys/CVE-2020-29254", "refsource": "MISC", "url": "https://github.com/S1lkys/CVE-2020-29254" }, { "name": "https://github.com/S1lkys/CVE-2020-29254/blob/main/Tiki-Wiki%2021.2%20by%20Maximilian%20Barz.pdf", "refsource": "MISC", "url": "https://github.com/S1lkys/CVE-2020-29254/blob/main/Tiki-Wiki%2021.2%20by%20Maximilian%20Barz.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-29254", "datePublished": "2020-12-11T15:11:10", "dateReserved": "2020-11-27T00:00:00", "dateUpdated": "2024-08-04T16:48:01.577Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-9305
Vulnerability from cvelistv5
Published
2017-05-31 03:54
Modified
2024-08-05 17:02
Summary
lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.
References
▼ | URL | Tags |
---|---|---|
https://github.com/tikiorg/tiki/commit/6c016e8f066d2f404b18eaa1af7fa0c7a9651ccd | x_refsource_MISC | |
https://www.cdxy.me/?p=763 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:02:44.132Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/tikiorg/tiki/commit/6c016e8f066d2f404b18eaa1af7fa0c7a9651ccd" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cdxy.me/?p=763" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-30T00:00:00", "descriptions": [ { "lang": "en", "value": "lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-31T03:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/tikiorg/tiki/commit/6c016e8f066d2f404b18eaa1af7fa0c7a9651ccd" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.cdxy.me/?p=763" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9305", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/tikiorg/tiki/commit/6c016e8f066d2f404b18eaa1af7fa0c7a9651ccd", "refsource": "MISC", "url": "https://github.com/tikiorg/tiki/commit/6c016e8f066d2f404b18eaa1af7fa0c7a9651ccd" }, { "name": "https://www.cdxy.me/?p=763", "refsource": "MISC", "url": "https://www.cdxy.me/?p=763" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9305", "datePublished": "2017-05-31T03:54:00", "dateReserved": "2017-05-30T00:00:00", "dateUpdated": "2024-08-05T17:02:44.132Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2635
Vulnerability from cvelistv5
Published
2006-05-30 10:00
Modified
2024-08-07 17:58
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) "Assign new module" and (16) "Create new user module" in (k) tiki-admin_modules.php, (17) an unspecified field in "Add notification" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in "Create new template" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:58:51.547Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18143", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18143" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=131" }, { "name": "26050", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26050" }, { "name": "26059", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26059" }, { "name": "26061", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26061" }, { "name": "26053", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26053" }, { "name": "26060", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26060" }, { "name": "26056", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26056" }, { "name": "26054", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26054" }, { "name": "26051", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26051" }, { "name": "ADV-2006-2024", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2024" }, { "name": "26062", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26062" }, { "name": "976", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/976" }, { "name": "26057", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26057" }, { "name": "20334", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20334" }, { "name": "26052", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26052" }, { "name": "26058", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26058" }, { "name": "26048", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26048" }, { "name": "20060525 Multiple XSS Vulnerabilities in Tikiwiki 1.9.x", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/435127/100/0/threaded" }, { "name": "20060608 Tikiwiki 1.9.3.2 security release", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/436432/100/0/threaded" }, { "name": "26049", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26049" }, { "name": "26055", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26055" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as \"\u003cscr\u003cscript\u003eipt\u003e\" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action 
in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) \"Assign new module\" and (16) \"Create new user module\" in (k) tiki-admin_modules.php, (17) an unspecified field in \"Add notification\" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in \"Create new template\" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18143", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18143" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=131" }, { "name": "26050", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26050" }, { "name": "26059", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26059" }, { "name": "26061", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26061" }, { "name": "26053", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26053" }, { "name": "26060", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26060" }, { "name": "26056", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26056" }, { "name": "26054", "tags": [ "vdb-entry", 
"x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26054" }, { "name": "26051", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26051" }, { "name": "ADV-2006-2024", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2024" }, { "name": "26062", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26062" }, { "name": "976", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/976" }, { "name": "26057", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26057" }, { "name": "20334", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20334" }, { "name": "26052", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26052" }, { "name": "26058", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26058" }, { "name": "26048", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26048" }, { "name": "20060525 Multiple XSS Vulnerabilities in Tikiwiki 1.9.x", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/435127/100/0/threaded" }, { "name": "20060608 Tikiwiki 1.9.3.2 security release", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/436432/100/0/threaded" }, { "name": "26049", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26049" }, { "name": "26055", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26055" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2635", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", 
"data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as \"\u003cscr\u003cscript\u003eipt\u003e\" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) \"Assign new module\" and (16) \"Create new user module\" in (k) tiki-admin_modules.php, (17) an unspecified field in \"Add notification\" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in \"Create new template\" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18143", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18143" }, { "name": "http://tikiwiki.org/tiki-read_article.php?articleId=131", "refsource": "CONFIRM", "url": "http://tikiwiki.org/tiki-read_article.php?articleId=131" }, { "name": "26050", "refsource": "OSVDB", "url": "http://www.osvdb.org/26050" }, { "name": "26059", "refsource": "OSVDB", "url": "http://www.osvdb.org/26059" }, { "name": "26061", "refsource": "OSVDB", "url": "http://www.osvdb.org/26061" }, { "name": "26053", "refsource": "OSVDB", "url": "http://www.osvdb.org/26053" }, { "name": "26060", "refsource": "OSVDB", "url": "http://www.osvdb.org/26060" }, { "name": "26056", "refsource": "OSVDB", "url": "http://www.osvdb.org/26056" }, { "name": "26054", "refsource": "OSVDB", "url": "http://www.osvdb.org/26054" }, { "name": "26051", "refsource": "OSVDB", "url": "http://www.osvdb.org/26051" }, { "name": "ADV-2006-2024", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2024" }, { "name": "26062", "refsource": "OSVDB", "url": "http://www.osvdb.org/26062" }, { "name": "976", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/976" }, { "name": "26057", "refsource": "OSVDB", "url": "http://www.osvdb.org/26057" }, { "name": "20334", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20334" }, { "name": "26052", "refsource": "OSVDB", "url": "http://www.osvdb.org/26052" }, { "name": "26058", "refsource": "OSVDB", "url": "http://www.osvdb.org/26058" }, { "name": "26048", "refsource": "OSVDB", "url": "http://www.osvdb.org/26048" }, { "name": "20060525 Multiple XSS Vulnerabilities in Tikiwiki 1.9.x", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/435127/100/0/threaded" }, { "name": "20060608 Tikiwiki 1.9.3.2 security release", "refsource": "BUGTRAQ", "url": 
"http://www.securityfocus.com/archive/1/436432/100/0/threaded" }, { "name": "26049", "refsource": "OSVDB", "url": "http://www.osvdb.org/26049" }, { "name": "26055", "refsource": "OSVDB", "url": "http://www.osvdb.org/26055" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2635", "datePublished": "2006-05-30T10:00:00", "dateReserved": "2006-05-30T00:00:00", "dateUpdated": "2024-08-07T17:58:51.547Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14849
Vulnerability from cvelistv5
Published
2018-08-13 17:00
Modified
2024-08-05 09:38
Severity ?
EPSS score ?
Summary
Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2018/08/02/1 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2018/08/02/2 | mailing-list, x_refsource_MLIST | |
https://sourceforge.net/p/tikiwiki/code/66809 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:38:14.078Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20180802 Stored XSS vulnerabilities in Tiki \u003c= 18.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2018/08/02/1" }, { "name": "[oss-security] 20180802 Re: Stored XSS vulnerabilities in Tiki \u003c= 18.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2018/08/02/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://sourceforge.net/p/tikiwiki/code/66809" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-08-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-13T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20180802 Stored XSS vulnerabilities in Tiki \u003c= 18.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2018/08/02/1" }, { "name": "[oss-security] 20180802 Re: Stored XSS vulnerabilities in Tiki \u003c= 18.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2018/08/02/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://sourceforge.net/p/tikiwiki/code/66809" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14849", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20180802 Stored XSS vulnerabilities in Tiki \u003c= 18.1", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2018/08/02/1" }, { "name": "[oss-security] 20180802 Re: Stored XSS vulnerabilities in Tiki \u003c= 18.1", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2018/08/02/2" }, { "name": "https://sourceforge.net/p/tikiwiki/code/66809", "refsource": "CONFIRM", "url": "https://sourceforge.net/p/tikiwiki/code/66809" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14849", "datePublished": "2018-08-13T17:00:00", "dateReserved": "2018-08-02T00:00:00", "dateUpdated": "2024-08-05T09:38:14.078Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-8966
Vulnerability from cvelistv5
Published
2020-04-01 20:18
Modified
2024-09-16 16:23
Severity: 6.5 (MEDIUM), CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS score ?
Summary
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page.
References
▼ | URL | Tags |
---|---|---|
https://www.incibe-cert.es/en/early-warning/security-advisories/cross-site-scripting-xss-flaws-found-tiki-wiki-cms-software | x_refsource_CONFIRM | |
https://sourceforge.net/p/tikiwiki/code/75455 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
Tiki-Wiki Groupware | Tiki-Wiki CMS | through 20.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:19:19.521Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/cross-site-scripting-xss-flaws-found-tiki-wiki-cms-software" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://sourceforge.net/p/tikiwiki/code/75455" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Tiki-Wiki CMS", "vendor": "Tiki-Wiki Groupware", "versions": [ { "status": "affected", "version": "through 20.0" } ] } ], "credits": [ { "lang": "en", "value": "Pablo Sebasti\u00e1n Arias Rodr\u00edguez, Rub\u00e9n Barber\u00e0 P\u00e9rez, Jorge Alberto Palma Reyes from S2Grupo at CSIRT-CV (Valencia CSIRT) with special thanks to the CSIRT-CV team" } ], "datePublic": "2020-03-31T00:00:00", "descriptions": [ { "lang": "en", "value": "There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-01T20:18:19", "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/cross-site-scripting-xss-flaws-found-tiki-wiki-cms-software" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://sourceforge.net/p/tikiwiki/code/75455" } ], "solutions": [ { "lang": "en", "value": "Update to version 21.0" } ], "source": { "advisory": "INCIBE-2020-0134", "discovery": "EXTERNAL" }, "title": "Cross Site Scripting (XSS) flaws found in Tiki-Wiki CMS software", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-coordination@incibe.es", "DATE_PUBLIC": "2020-03-31T11:30:00.000Z", "ID": "CVE-2020-8966", "STATE": "PUBLIC", "TITLE": "Cross Site Scripting (XSS) flaws found in Tiki-Wiki CMS software" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Tiki-Wiki CMS", "version": { "version_data": [ { "version_value": "through 20.0" } ] } } ] }, "vendor_name": "Tiki-Wiki Groupware" } ] } }, "credit": [ { "lang": "eng", "value": "Pablo Sebasti\u00e1n Arias Rodr\u00edguez, Rub\u00e9n Barber\u00e0 P\u00e9rez, Jorge Alberto Palma Reyes from S2Grupo at CSIRT-CV (Valencia CSIRT) with special thanks to the CSIRT-CV team" } ], "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.incibe-cert.es/en/early-warning/security-advisories/cross-site-scripting-xss-flaws-found-tiki-wiki-cms-software", "refsource": "CONFIRM", "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/cross-site-scripting-xss-flaws-found-tiki-wiki-cms-software" }, { "name": "https://sourceforge.net/p/tikiwiki/code/75455", "refsource": "CONFIRM", "url": "https://sourceforge.net/p/tikiwiki/code/75455" } ] }, "solution": [ { "lang": "en", "value": "Update to version 21.0" } ], "source": { "advisory": "INCIBE-2020-0134", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "assignerShortName": "INCIBE", "cveId": "CVE-2020-8966", "datePublished": "2020-04-01T20:18:19.303817Z", "dateReserved": "2020-02-13T00:00:00", "dateUpdated": "2024-09-16T16:23:22.402Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-3047
Vulnerability from cvelistv5
Published
2006-06-16 10:00
Modified
2024-08-07 18:16
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/20850 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/18421 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/20648 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/archive/1/437017/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://securityreason.com/securityalert/1102 | third-party-advisory, x_refsource_SREASON | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/27145 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2006/2349 | vdb-entry, x_refsource_VUPEN | |
http://sourceforge.net/project/shownotes.php?group_id=64258&release_id=423840 | x_refsource_CONFIRM | |
http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:16:05.841Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20850", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20850" }, { "name": "18421", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18421" }, { "name": "20648", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20648" }, { "name": "20060613 TikiWiki Sql injection \u0026 XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/437017/100/0/threaded" }, { "name": "1102", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1102" }, { "name": "tikiwiki-script-errors-xss(27145)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27145" }, { "name": "ADV-2006-2349", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2349" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=64258\u0026release_id=423840" }, { "name": "GLSA-200606-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script 
or HTML via unknown attack vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20850", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20850" }, { "name": "18421", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18421" }, { "name": "20648", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20648" }, { "name": "20060613 TikiWiki Sql injection \u0026 XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/437017/100/0/threaded" }, { "name": "1102", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1102" }, { "name": "tikiwiki-script-errors-xss(27145)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27145" }, { "name": "ADV-2006-2349", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2349" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=64258\u0026release_id=423840" }, { "name": "GLSA-200606-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3047", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": 
"eng", "value": "Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20850", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20850" }, { "name": "18421", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18421" }, { "name": "20648", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20648" }, { "name": "20060613 TikiWiki Sql injection \u0026 XSS Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/437017/100/0/threaded" }, { "name": "1102", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1102" }, { "name": "tikiwiki-script-errors-xss(27145)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27145" }, { "name": "ADV-2006-2349", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2349" }, { "name": "http://sourceforge.net/project/shownotes.php?group_id=64258\u0026release_id=423840", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=64258\u0026release_id=423840" }, { "name": "GLSA-200606-29", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3047", "datePublished": "2006-06-16T10:00:00", "dateReserved": "2006-06-16T00:00:00", "dateUpdated": "2024-08-07T18:16:05.841Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0911
Vulnerability from cvelistv5
Published
2012-07-12 19:00
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.
References
▼ | URL | Tags |
---|---|---|
http://www.exploit-db.com/exploits/19630 | exploit, x_refsource_EXPLOIT-DB | |
http://www.exploit-db.com/exploits/19573 | exploit, x_refsource_EXPLOIT-DB | |
http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/54298 | vdb-entry, x_refsource_BID | |
http://dev.tiki.org/item4109 | x_refsource_CONFIRM | |
http://osvdb.org/83534 | vdb-entry, x_refsource_OSVDB | |
http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/76758 | vdb-entry, x_refsource_XF | |
http://info.tiki.org/article191-Tiki-Releases-8-4 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:14.984Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19630", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/19630" }, { "name": "19573", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/19573" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS" }, { "name": "54298", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/54298" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.tiki.org/item4109" }, { "name": "83534", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/83534" }, { "name": "20120704 [CVE-2012-0911] Tiki Wiki CMS Groupware \u003c= 8.3 \"unserialize()\" PHP Code Execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html" }, { "name": "tikiwiki-unserialize-code-exec(76758)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76758" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://info.tiki.org/article191-Tiki-Releases-8-4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-03T00:00:00", "descriptions": [ { "lang": "en", "value": "TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) 
tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19630", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/19630" }, { "name": "19573", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/19573" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS" }, { "name": "54298", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/54298" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.tiki.org/item4109" }, { "name": "83534", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/83534" }, { "name": "20120704 [CVE-2012-0911] Tiki Wiki CMS Groupware \u003c= 8.3 \"unserialize()\" PHP Code Execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html" }, { "name": "tikiwiki-unserialize-code-exec(76758)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76758" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://info.tiki.org/article191-Tiki-Releases-8-4" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-0911", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": 
"CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19630", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/19630" }, { "name": "19573", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/19573" }, { "name": "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS", "refsource": "CONFIRM", "url": "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS" }, { "name": "54298", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54298" }, { "name": "http://dev.tiki.org/item4109", "refsource": "CONFIRM", "url": "http://dev.tiki.org/item4109" }, { "name": "83534", "refsource": "OSVDB", "url": "http://osvdb.org/83534" }, { "name": "20120704 [CVE-2012-0911] Tiki Wiki CMS Groupware \u003c= 8.3 \"unserialize()\" PHP Code Execution", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html" }, { "name": "tikiwiki-unserialize-code-exec(76758)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76758" }, { "name": "http://info.tiki.org/article191-Tiki-Releases-8-4", "refsource": "CONFIRM", "url": "http://info.tiki.org/article191-Tiki-Releases-8-4" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": 
"mitre", "cveId": "CVE-2012-0911", "datePublished": "2012-07-12T19:00:00", "dateReserved": "2012-01-23T00:00:00", "dateUpdated": "2024-08-06T18:38:14.984Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5703
Vulnerability from cvelistv5
Published
2006-11-04 01:00
Modified
2024-08-07 19:55
Summary
Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements.
References
▼ | URL | Tags |
---|---|---|
http://www.vupen.com/english/advisories/2006/4316 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/29958 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/450268/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/22678 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/23039 | third-party-advisory, x_refsource_SECUNIA | |
http://security.gentoo.org/glsa/glsa-200611-11.xml | vendor-advisory, x_refsource_GENTOO | |
http://securityreason.com/securityalert/1816 | third-party-advisory, x_refsource_SREASON | |
http://www.securityfocus.com/bid/20858 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:55:54.039Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-4316", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4316" }, { "name": "tikiwiki-tikifeatured-xss(29958)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29958" }, { "name": "20061101 tikiwiki 1.9.5 mysql password disclosure \u0026 xss", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/450268/100/0/threaded" }, { "name": "22678", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22678" }, { "name": "23039", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23039" }, { "name": "GLSA-200611-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200611-11.xml" }, { "name": "1816", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1816" }, { "name": "20858", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20858" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-4316", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4316" }, { "name": "tikiwiki-tikifeatured-xss(29958)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29958" }, { "name": "20061101 tikiwiki 1.9.5 mysql password disclosure \u0026 xss", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/450268/100/0/threaded" }, { "name": "22678", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22678" }, { "name": "23039", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23039" }, { "name": "GLSA-200611-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200611-11.xml" }, { "name": "1816", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1816" }, { "name": "20858", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20858" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5703", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url 
parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-4316", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4316" }, { "name": "tikiwiki-tikifeatured-xss(29958)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29958" }, { "name": "20061101 tikiwiki 1.9.5 mysql password disclosure \u0026 xss", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/450268/100/0/threaded" }, { "name": "22678", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22678" }, { "name": "23039", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23039" }, { "name": "GLSA-200611-11", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200611-11.xml" }, { "name": "1816", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1816" }, { "name": "20858", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20858" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5703", "datePublished": "2006-11-04T01:00:00", "dateReserved": "2006-11-03T00:00:00", "dateUpdated": "2024-08-07T19:55:54.039Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-0200
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Summary
TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386.
References
▼ | URL | Tags |
---|---|---|
http://www.gentoo.org/security/en/glsa/glsa-200501-41.xml | vendor-advisory, x_refsource_GENTOO | |
http://secunia.com/advisories/13948 | third-party-advisory, x_refsource_SECUNIA | |
http://tikiwiki.org/art102 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:05:25.316Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200501-41", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-41.xml" }, { "name": "13948", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13948" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.org/art102" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-01-30T00:00:00", "descriptions": [ { "lang": "en", "value": "TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-200501-41", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-41.xml" }, { "name": "13948", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13948" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.org/art102" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0200", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-200501-41", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-41.xml" }, { "name": "13948", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13948" }, { "name": "http://tikiwiki.org/art102", "refsource": "CONFIRM", "url": "http://tikiwiki.org/art102" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0200", "datePublished": "2005-02-06T05:00:00", "dateReserved": "2005-01-31T00:00:00", "dateUpdated": "2024-08-07T21:05:25.316Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-9889
Vulnerability from cvelistv5
Published
2016-12-23 05:00
Modified
2024-08-06 03:07
Summary
Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.php and article_image.php. The impact is XSS.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/95083 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037531 | vdb-entry, x_refsource_SECTRACK | |
https://tiki.org/article443-Security-update-Tiki-16-1-Tiki-15-3-and-Tiki-12-10-released | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:30.869Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "95083", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95083" }, { "name": "1037531", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037531" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tiki.org/article443-Security-update-Tiki-16-1-Tiki-15-3-and-Tiki-12-10-released" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don\u0027t have the input sanitized, related to tiki-setup.php and article_image.php. The impact is XSS." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-26T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "95083", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95083" }, { "name": "1037531", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037531" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tiki.org/article443-Security-update-Tiki-16-1-Tiki-15-3-and-Tiki-12-10-released" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9889", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don\u0027t have the input sanitized, related to tiki-setup.php and article_image.php. The impact is XSS." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "95083", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95083" }, { "name": "1037531", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037531" }, { "name": "https://tiki.org/article443-Security-update-Tiki-16-1-Tiki-15-3-and-Tiki-12-10-released", "refsource": "CONFIRM", "url": "https://tiki.org/article443-Security-update-Tiki-16-1-Tiki-15-3-and-Tiki-12-10-released" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9889", "datePublished": "2016-12-23T05:00:00", "dateReserved": "2016-12-07T00:00:00", "dateUpdated": "2024-08-06T03:07:30.869Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-9145
Vulnerability from cvelistv5
Published
2017-06-26 13:00
Modified
2024-08-05 16:55
Summary
TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS.
References
▼ | URL | Tags |
---|---|---|
https://sourceforge.net/p/tikiwiki/code/62386 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:55:22.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceforge.net/p/tikiwiki/code/62386" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-06-26T00:00:00", "descriptions": [ { "lang": "en", "value": "TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-26T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sourceforge.net/p/tikiwiki/code/62386" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9145", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceforge.net/p/tikiwiki/code/62386", "refsource": "MISC", "url": "https://sourceforge.net/p/tikiwiki/code/62386" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9145", "datePublished": "2017-06-26T13:00:00", "dateReserved": "2017-05-22T00:00:00", "dateUpdated": "2024-08-05T16:55:22.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1927
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Summary
Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/10100 | vdb-entry, x_refsource_BID | |
http://marc.info/?l=bugtraq&m=108180073206947&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/11344 | third-party-advisory, x_refsource_SECUNIA | |
http://tikiwiki.org/tiki-read_article.php?articleId=66 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15848 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:07:49.087Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "10100", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040412 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11344" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "name": "tikiwiki-tikimap-file-disclosure(15848)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15848" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-04-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "10100", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040412 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11344" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "name": "tikiwiki-tikimap-file-disclosure(15848)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15848" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1927", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "10100", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040412 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11344" }, { "name": "http://tikiwiki.org/tiki-read_article.php?articleId=66", "refsource": "CONFIRM", "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "name": "tikiwiki-tikimap-file-disclosure(15848)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15848" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1927", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:07:49.087Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3283
Vulnerability from cvelistv5
Published
2005-10-23 04:00
Modified
2024-08-07 23:10
Summary
Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
▼ | URL | Tags |
---|---|---|
http://tikiwiki.org/art118 | x_refsource_CONFIRM | |
http://sourceforge.net/project/shownotes.php?release_id=364457 | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2005/2176 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/15164 | vdb-entry, x_refsource_BID | |
http://securitytracker.com/id?1015087 | vdb-entry, x_refsource_SECTRACK | |
http://www.gentoo.org/security/en/glsa/glsa-200510-23.xml | vendor-advisory, x_refsource_GENTOO | |
http://secunia.com/advisories/17363 | third-party-advisory, x_refsource_SECUNIA | |
http://bugs.gentoo.org/show_bug.cgi?id=109858 | x_refsource_MISC | |
http://secunia.com/advisories/17279 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:10:07.957Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.org/art118" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=364457" }, { "name": "ADV-2005-2176", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2176" }, { "name": "15164", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15164" }, { "name": "1015087", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015087" }, { "name": "GLSA-200510-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-23.xml" }, { "name": "17363", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17363" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=109858" }, { "name": "17279", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17279" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-04T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.org/art118" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=364457" }, { "name": "ADV-2005-2176", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2176" }, { "name": "15164", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15164" }, { "name": "1015087", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015087" }, { "name": "GLSA-200510-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-23.xml" }, { "name": "17363", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17363" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=109858" }, { "name": "17279", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17279" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3283", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://tikiwiki.org/art118", "refsource": "CONFIRM", "url": "http://tikiwiki.org/art118" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=364457", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=364457" }, { "name": "ADV-2005-2176", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2176" }, { "name": "15164", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15164" }, { "name": "1015087", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015087" }, { "name": "GLSA-200510-23", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-23.xml" }, { "name": "17363", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17363" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=109858", "refsource": "MISC", "url": "http://bugs.gentoo.org/show_bug.cgi?id=109858" }, { "name": "17279", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17279" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3283", "datePublished": "2005-10-23T04:00:00", "dateReserved": "2005-10-23T00:00:00", "dateUpdated": "2024-08-07T23:10:07.957Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1134
Vulnerability from cvelistv5
Published
2010-03-26 21:00
Modified
2024-08-07 01:14
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/38608 | vdb-entry, x_refsource_BID | |
http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases | x_refsource_CONFIRM | |
http://osvdb.org/62800 | vdb-entry, x_refsource_OSVDB | |
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25429 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/56769 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/38882 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:14:06.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "38608", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38608" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "name": "62800", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/62800" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25429" }, { "name": "tikiwiki-unknown-input-sql-injection(56769)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56769" }, { "name": "38882", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38882" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-02-20T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "38608", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38608" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "name": "62800", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/62800" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25429" }, { "name": "tikiwiki-unknown-input-sql-injection(56769)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56769" }, { "name": "38882", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38882" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1134", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "38608", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38608" }, { "name": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases", "refsource": "CONFIRM", "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "name": "62800", "refsource": "OSVDB", "url": "http://osvdb.org/62800" }, { "name": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25429", "refsource": "CONFIRM", "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25429" }, { "name": "tikiwiki-unknown-input-sql-injection(56769)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56769" }, { "name": "38882", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38882" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1134", "datePublished": "2010-03-26T21:00:00", "dateReserved": "2010-03-26T00:00:00", "dateUpdated": "2024-08-07T01:14:06.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1135
Vulnerability from cvelistv5
Published
2010-03-26 21:00
Modified
2024-08-07 01:14
Severity ?
EPSS score ?
Summary
The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/38608 | vdb-entry, x_refsource_BID | |
http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases | x_refsource_CONFIRM | |
http://secunia.com/advisories/38896 | third-party-advisory, x_refsource_SECUNIA | |
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25046 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/56770 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:14:05.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "38608", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38608" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "name": "38896", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38896" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25046" }, { "name": "tikiwiki-userlogout-unspecified(56770)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56770" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-02-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "38608", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38608" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "name": "38896", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38896" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25046" }, { "name": "tikiwiki-userlogout-unspecified(56770)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56770" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1135", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "38608", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38608" }, { "name": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases", "refsource": "CONFIRM", "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "name": "38896", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38896" }, { "name": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25046", "refsource": "CONFIRM", "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25046" }, { "name": "tikiwiki-userlogout-unspecified(56770)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56770" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1135", "datePublished": "2010-03-26T21:00:00", "dateReserved": "2010-03-26T00:00:00", "dateUpdated": "2024-08-07T01:14:05.947Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1047
Vulnerability from cvelistv5
Published
2008-02-27 19:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/29092 | third-party-advisory, x_refsource_SECUNIA | |
http://tikiwiki.org/ReleaseNotes1910 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/27968 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2008/0661 | vdb-entry, x_refsource_VUPEN | |
http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1498 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:08:57.700Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29092", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29092" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.org/ReleaseNotes1910" }, { "name": "27968", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27968" }, { "name": "ADV-2008-0661", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0661" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1498" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "29092", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29092" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.org/ReleaseNotes1910" }, { "name": "27968", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27968" }, { "name": "ADV-2008-0661", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0661" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1498" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1047", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29092", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29092" }, { "name": "http://tikiwiki.org/ReleaseNotes1910", "refsource": "CONFIRM", "url": "http://tikiwiki.org/ReleaseNotes1910" }, { "name": "27968", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27968" }, { "name": "ADV-2008-0661", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0661" }, { "name": "http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1498", "refsource": "CONFIRM", "url": "http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1498" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1047", "datePublished": "2008-02-27T19:00:00", "dateReserved": "2008-02-27T00:00:00", "dateUpdated": "2024-08-07T08:08:57.700Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4336
Vulnerability from cvelistv5
Published
2020-01-15 13:48
Modified
2024-08-07 00:01
Severity ?
EPSS score ?
Summary
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
References
▼ | URL | Tags |
---|---|---|
https://seclists.org/bugtraq/2011/Nov/140 | x_refsource_MISC | |
https://www.securityfocus.com/bid/48806/info | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
Tiki | Wiki CMS Groupware | 7.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:01:51.572Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://seclists.org/bugtraq/2011/Nov/140" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.securityfocus.com/bid/48806/info" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wiki CMS Groupware", "vendor": "Tiki", "versions": [ { "status": "affected", "version": "7.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Tiki Wiki CMS Groupware 7.0 has XSS via the GET \"ajax\" parameter to snarf_ajax.php." } ], "problemTypes": [ { "descriptions": [ { "description": "XSS", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-15T13:48:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://seclists.org/bugtraq/2011/Nov/140" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.securityfocus.com/bid/48806/info" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4336", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Wiki CMS Groupware", "version": { "version_data": [ { "version_value": "7.0" } ] } } ] }, "vendor_name": "Tiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Tiki Wiki CMS Groupware 7.0 has XSS via the GET \"ajax\" parameter to snarf_ajax.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "XSS" } ] } ] }, "references": { "reference_data": [ { "name": "https://seclists.org/bugtraq/2011/Nov/140", "refsource": "MISC", "url": "https://seclists.org/bugtraq/2011/Nov/140" }, { "name": "https://www.securityfocus.com/bid/48806/info", "refsource": "MISC", "url": "https://www.securityfocus.com/bid/48806/info" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4336", "datePublished": "2020-01-15T13:48:01", "dateReserved": "2011-11-04T00:00:00", "dateUpdated": "2024-08-07T00:01:51.572Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1924
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php, (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/15846 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/10100 | vdb-entry, x_refsource_BID | |
http://marc.info/?l=bugtraq&m=108180073206947&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/11344 | third-party-advisory, x_refsource_SECUNIA | |
http://tikiwiki.org/tiki-read_article.php?articleId=66 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:07:49.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "tikiwiki-xss(15846)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15846" }, { "name": "10100", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040412 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11344" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-04-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to 
tiki-survey_stats_survey.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "tikiwiki-xss(15846)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15846" }, { "name": "10100", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040412 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11344" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1924", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php (7) articleId parameter to tiki-print_article.php, (8) 
galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "tikiwiki-xss(15846)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15846" }, { "name": "10100", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040412 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11344" }, { "name": "http://tikiwiki.org/tiki-read_article.php?articleId=66", "refsource": "CONFIRM", "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1924", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:07:49.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-6529
Vulnerability from cvelistv5
Published
2007-12-27 22:00
Modified
2024-08-07 16:11
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php.
References
▼ | URL | Tags |
---|---|---|
http://tikiwiki.org/ReleaseProcess199 | x_refsource_CONFIRM | |
http://secunia.com/advisories/28225 | third-party-advisory, x_refsource_SECUNIA | |
http://osvdb.org/41177 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/28602 | third-party-advisory, x_refsource_SECUNIA | |
http://security.gentoo.org/glsa/glsa-200801-10.xml | vendor-advisory, x_refsource_GENTOO | |
http://osvdb.org/41176 | vdb-entry, x_refsource_OSVDB | |
http://osvdb.org/41175 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:11:05.700Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.org/ReleaseProcess199" }, { "name": "28225", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28225" }, { "name": "41177", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/41177" }, { "name": "28602", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28602" }, { "name": "GLSA-200801-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200801-10.xml" }, { "name": "41176", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/41176" }, { "name": "41175", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/41175" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-12-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-02-01T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.org/ReleaseProcess199" }, { "name": "28225", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28225" }, { "name": "41177", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/41177" }, { "name": "28602", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28602" }, { "name": "GLSA-200801-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200801-10.xml" }, { "name": "41176", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/41176" }, { "name": "41175", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/41175" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6529", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://tikiwiki.org/ReleaseProcess199", "refsource": "CONFIRM", "url": "http://tikiwiki.org/ReleaseProcess199" }, { "name": "28225", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28225" }, { "name": "41177", "refsource": "OSVDB", "url": "http://osvdb.org/41177" }, { "name": "28602", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28602" }, { "name": "GLSA-200801-10", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200801-10.xml" }, { "name": "41176", "refsource": "OSVDB", "url": "http://osvdb.org/41176" }, { "name": "41175", "refsource": "OSVDB", "url": "http://osvdb.org/41175" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6529", "datePublished": "2007-12-27T22:00:00", "dateReserved": "2007-12-27T00:00:00", "dateUpdated": "2024-08-07T16:11:05.700Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-4240
Vulnerability from cvelistv5
Published
2019-10-28 14:45
Modified
2024-08-07 03:34
Severity ?
EPSS score ?
Summary
Tiki Wiki CMS Groupware 5.2 has a cross-site scripting (XSS) vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2010-4240 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2010-4240 | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2010/11/22/9 | x_refsource_MISC | |
https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
Tiki Wiki | CMS Groupware | 5.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:34:37.818Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2010-4240" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2010-4240" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CMS Groupware", "vendor": "Tiki Wiki", "versions": [ { "status": "affected", "version": "5.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Tiki Wiki CMS Groupware 5.2 has XSS" } ], "problemTypes": [ { "descriptions": [ { "description": "UNKNOWN_TYPE", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-28T14:45:55", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2010-4240" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2010-4240" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4240", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CMS Groupware", "version": { "version_data": [ { "version_value": "5.2" } ] } } ] }, "vendor_name": "Tiki Wiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Tiki Wiki CMS Groupware 5.2 has XSS" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "UNKNOWN_TYPE" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2010-4240", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2010-4240" }, { "name": "https://access.redhat.com/security/cve/cve-2010-4240", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2010-4240" }, { "name": "https://www.openwall.com/lists/oss-security/2010/11/22/9", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" }, { "name": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt", "refsource": "MISC", "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4240", "datePublished": "2019-10-28T14:45:55", "dateReserved": "2010-11-16T00:00:00", "dateUpdated": "2024-08-07T03:34:37.818Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-4241
Vulnerability from cvelistv5
Published
2019-10-28 14:43
Modified
2024-08-07 03:34
Severity ?
EPSS score ?
Summary
Tiki Wiki CMS Groupware 5.2 has a cross-site request forgery (CSRF) vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2010-4241 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2010-4241 | x_refsource_MISC | |
https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2010/11/22/9 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Tiki Wiki | CMS Groupware |
Version: 5.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:34:37.799Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2010-4241" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2010-4241" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CMS Groupware", "vendor": "Tiki Wiki", "versions": [ { "status": "affected", "version": "5.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Tiki Wiki CMS Groupware 5.2 has CSRF" } ], "problemTypes": [ { "descriptions": [ { "description": "UNKNOWN_TYPE", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-28T14:43:05", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2010-4241" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2010-4241" }, { "tags": [ "x_refsource_MISC" ], "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4241", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CMS Groupware", "version": { "version_data": [ { "version_value": "5.2" } ] } } ] }, "vendor_name": "Tiki Wiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Tiki Wiki CMS Groupware 5.2 has CSRF" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "UNKNOWN_TYPE" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2010-4241", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2010-4241" }, { "name": "https://access.redhat.com/security/cve/cve-2010-4241", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2010-4241" }, { "name": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt", "refsource": "MISC", "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt" }, { "name": "https://www.openwall.com/lists/oss-security/2010/11/22/9", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4241", "datePublished": "2019-10-28T14:43:05", "dateReserved": "2010-11-16T00:00:00", "dateUpdated": "2024-08-07T03:34:37.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3654
Vulnerability from cvelistv5
Published
2008-08-13 01:00
Modified
2024-08-07 09:45
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/44421 | vdb-entry, x_refsource_XF | |
http://info.tikiwiki.org/tiki-read_article.php?articleId=35 | x_refsource_CONFIRM | |
http://tikiwiki.org/ReleaseNotes20 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:45:18.962Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "tikiwikicms-unspecified-path-disclosure(44421)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44421" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=35" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.org/ReleaseNotes20" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain \"path and PHP configuration\" via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "tikiwikicms-unspecified-path-disclosure(44421)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44421" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=35" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.org/ReleaseNotes20" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3654", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
"description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain \"path and PHP configuration\" via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "tikiwikicms-unspecified-path-disclosure(44421)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44421" }, { "name": "http://info.tikiwiki.org/tiki-read_article.php?articleId=35", "refsource": "CONFIRM", "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=35" }, { "name": "http://tikiwiki.org/ReleaseNotes20", "refsource": "CONFIRM", "url": "http://tikiwiki.org/ReleaseNotes20" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3654", "datePublished": "2008-08-13T01:00:00", "dateReserved": "2008-08-12T00:00:00", "dateUpdated": "2024-08-07T09:45:18.962Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-4239
Vulnerability from cvelistv5
Published
2019-10-28 14:48
Modified
2024-08-07 03:34
Severity ?
EPSS score ?
Summary
Tiki Wiki CMS Groupware 5.2 has a Local File Inclusion (LFI) vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2010-4239 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2010-4239 | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2010/11/22/9 | x_refsource_MISC | |
https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Tiki Wiki | CMS Groupware |
Version: 5.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:34:37.985Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2010-4239" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2010-4239" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CMS Groupware", "vendor": "Tiki Wiki", "versions": [ { "status": "affected", "version": "5.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Tiki Wiki CMS Groupware 5.2 has Local File Inclusion" } ], "problemTypes": [ { "descriptions": [ { "description": "UNKNOWN_TYPE", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-28T14:48:29", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2010-4239" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2010-4239" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4239", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CMS Groupware", "version": { "version_data": [ { "version_value": "5.2" } ] } } ] }, "vendor_name": "Tiki Wiki" } ] } }, "data_format": "MITRE", 
"data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Tiki Wiki CMS Groupware 5.2 has Local File Inclusion" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "UNKNOWN_TYPE" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2010-4239", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2010-4239" }, { "name": "https://access.redhat.com/security/cve/cve-2010-4239", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2010-4239" }, { "name": "https://www.openwall.com/lists/oss-security/2010/11/22/9", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" }, { "name": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt", "refsource": "MISC", "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4239", "datePublished": "2019-10-28T14:48:29", "dateReserved": "2010-11-16T00:00:00", "dateUpdated": "2024-08-07T03:34:37.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-6526
Vulnerability from cvelistv5
Published
2007-12-27 22:00
Modified
2024-08-07 16:11
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.
References
▼ | URL | Tags |
---|---|---|
http://osvdb.org/41179 | vdb-entry, x_refsource_OSVDB | |
http://tikiwiki.org/ReleaseProcess199 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/27004 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/28225 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/28602 | third-party-advisory, x_refsource_SECUNIA | |
http://security.gentoo.org/glsa/glsa-200801-10.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.h-labs.org/blog/2007/12/24/tikiwiki_1_9_8_3_tiki_special_chars_php_xss_vulnerability.html | x_refsource_MISC | |
http://www.securityfocus.com/archive/1/485483/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://securityreason.com/securityalert/3483 | third-party-advisory, x_refsource_SREASON |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:11:06.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "41179", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/41179" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.org/ReleaseProcess199" }, { "name": "27004", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27004" }, { "name": "28225", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28225" }, { "name": "28602", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28602" }, { "name": "GLSA-200801-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200801-10.xml" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.h-labs.org/blog/2007/12/24/tikiwiki_1_9_8_3_tiki_special_chars_php_xss_vulnerability.html" }, { "name": "20071224 Tikiwiki 1.9.8.3 tiki-special_chars.php XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/485483/100/0/threaded" }, { "name": "3483", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3483" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "41179", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/41179" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.org/ReleaseProcess199" }, { "name": "27004", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27004" }, { "name": "28225", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28225" }, { "name": "28602", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28602" }, { "name": "GLSA-200801-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200801-10.xml" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.h-labs.org/blog/2007/12/24/tikiwiki_1_9_8_3_tiki_special_chars_php_xss_vulnerability.html" }, { "name": "20071224 Tikiwiki 1.9.8.3 tiki-special_chars.php XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/485483/100/0/threaded" }, { "name": "3483", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3483" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6526", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers 
to inject arbitrary web script or HTML via the area_name parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "41179", "refsource": "OSVDB", "url": "http://osvdb.org/41179" }, { "name": "http://tikiwiki.org/ReleaseProcess199", "refsource": "CONFIRM", "url": "http://tikiwiki.org/ReleaseProcess199" }, { "name": "27004", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27004" }, { "name": "28225", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28225" }, { "name": "28602", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28602" }, { "name": "GLSA-200801-10", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200801-10.xml" }, { "name": "http://www.h-labs.org/blog/2007/12/24/tikiwiki_1_9_8_3_tiki_special_chars_php_xss_vulnerability.html", "refsource": "MISC", "url": "http://www.h-labs.org/blog/2007/12/24/tikiwiki_1_9_8_3_tiki_special_chars_php_xss_vulnerability.html" }, { "name": "20071224 Tikiwiki 1.9.8.3 tiki-special_chars.php XSS Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/485483/100/0/threaded" }, { "name": "3483", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3483" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6526", "datePublished": "2007-12-27T22:00:00", "dateReserved": "2007-12-27T00:00:00", "dateUpdated": "2024-08-07T16:11:06.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4554
Vulnerability from cvelistv5
Published
2007-08-28 00:00
Modified
2024-08-07 15:01
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/477653/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/25433 | vdb-entry, x_refsource_BID | |
http://securityreason.com/securityalert/3064 | third-party-advisory, x_refsource_SREASON | |
http://www.vupen.com/english/advisories/2007/2984 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/26618 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:01:09.839Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070824 Tikiwiki 1.9.7 HTML/embed object injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/477653/100/0/threaded" }, { "name": "25433", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25433" }, { "name": "3064", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3064" }, { "name": "ADV-2007-2984", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2984" }, { "name": "26618", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26618" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070824 Tikiwiki 1.9.7 HTML/embed object injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/477653/100/0/threaded" }, { "name": "25433", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25433" }, { "name": "3064", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3064" }, { "name": "ADV-2007-2984", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2984" }, { "name": "26618", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26618" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4554", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070824 Tikiwiki 1.9.7 HTML/embed object injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/477653/100/0/threaded" }, { "name": "25433", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25433" }, { "name": "3064", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3064" }, { "name": "ADV-2007-2984", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2984" }, { "name": "26618", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26618" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4554", "datePublished": "2007-08-28T00:00:00", "dateReserved": "2007-08-27T00:00:00", "dateUpdated": "2024-08-07T15:01:09.839Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1136
Vulnerability from cvelistv5
Published
2010-03-26 21:00
Modified
2024-08-07 01:14
Severity ?
EPSS score ?
Summary
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.
References
▼ | URL | Tags |
---|---|---|
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/38608 | vdb-entry, x_refsource_BID | |
http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases | x_refsource_CONFIRM | |
http://osvdb.org/62801 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/56771 | vdb-entry, x_refsource_XF | |
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196 | x_refsource_MISC | |
http://secunia.com/advisories/38882 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:14:05.731Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25196" }, { "name": "38608", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38608" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "name": "62801", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/62801" }, { "name": "tikiwiki-standardmethod-unspecified(56771)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56771" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196\u0026r2=25195\u0026pathrev=25196" }, { "name": "38882", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38882" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to \"persistent login,\" probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25196" }, { "name": "38608", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38608" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "name": "62801", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/62801" }, { "name": "tikiwiki-standardmethod-unspecified(56771)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56771" }, { "tags": [ "x_refsource_MISC" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196\u0026r2=25195\u0026pathrev=25196" }, { "name": "38882", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38882" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1136", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to \"persistent login,\" probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25196", "refsource": "CONFIRM", "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25196" }, { "name": "38608", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38608" }, { "name": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases", "refsource": "CONFIRM", "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "name": "62801", "refsource": "OSVDB", "url": "http://osvdb.org/62801" }, { "name": "tikiwiki-standardmethod-unspecified(56771)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56771" }, { "name": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196\u0026r2=25195\u0026pathrev=25196", "refsource": "MISC", "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196\u0026r2=25195\u0026pathrev=25196" }, { "name": "38882", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38882" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1136", "datePublished": "2010-03-26T21:00:00", "dateReserved": "2010-03-26T00:00:00", "dateUpdated": "2024-08-07T01:14:05.731Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6022
Vulnerability from cvelistv5
Published
2020-02-12 21:48
Modified
2024-08-06 17:29
Severity ?
EPSS score ?
Summary
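A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMS Groupware 11.0 via the id parameter to ZeroClipboard.swf, which could let a remote malicious user execute arbitrary code (for an XSS issue, this means script running in the victim's browser). The published record text, reproduced verbatim in the JSON below, reads "CMG Groupware" and "the id paraZeroClipboard.swf".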
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/63463 | x_refsource_MISC | |
http://www.kb.cert.org/vuls/id/450646 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:29:42.959Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/63463" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/450646" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Tiki", "vendor": "Tiki", "versions": [ { "status": "affected", "version": "2013" } ] } ], "datePublic": "2013-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "description": "XSS", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-12T21:48:43", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/63463" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.kb.cert.org/vuls/id/450646" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2013-6022", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Tiki", "version": { "version_data": [ { "version_value": "2013" } ] } } ] }, "vendor_name": "Tiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "XSS" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.securityfocus.com/bid/63463", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/63463" }, { "name": "http://www.kb.cert.org/vuls/id/450646", "refsource": "MISC", "url": "http://www.kb.cert.org/vuls/id/450646" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2013-6022", "datePublished": "2020-02-12T21:48:43", "dateReserved": "2013-10-04T00:00:00", "dateUpdated": "2024-08-06T17:29:42.959Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3528
Vulnerability from cvelistv5
Published
2005-11-20 22:00
Modified
2024-08-07 23:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/17521 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/416152/30/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2005/2376 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/bid/15371 | vdb-entry, x_refsource_BID |
| http://moritz-naumann.com/adv/0003/tikiw/0003.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:17:22.914Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17521", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17521" }, { "name": "20051109 Multiple security issues in TikiWiki 1.9.x", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/416152/30/0/threaded" }, { "name": "ADV-2005-2376", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2376" }, { "name": "15371", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15371" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://moritz-naumann.com/adv/0003/tikiw/0003.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17521", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17521" }, { "name": "20051109 Multiple security issues in TikiWiki 1.9.x", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/416152/30/0/threaded" }, { "name": "ADV-2005-2376", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2376" }, { "name": "15371", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15371" }, { "tags": [ "x_refsource_MISC" ], "url": "http://moritz-naumann.com/adv/0003/tikiw/0003.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3528", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17521", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17521" }, { "name": "20051109 Multiple security issues in TikiWiki 1.9.x", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/416152/30/0/threaded" }, { "name": "ADV-2005-2376", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2376" }, { "name": "15371", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15371" }, { "name": "http://moritz-naumann.com/adv/0003/tikiw/0003.txt", "refsource": "MISC", "url": "http://moritz-naumann.com/adv/0003/tikiw/0003.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3528", "datePublished": "2005-11-20T22:00:00", "dateReserved": "2005-11-09T00:00:00", "dateUpdated": "2024-08-07T23:17:22.914Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-3996
Vulnerability from cvelistv5
Published
2012-07-12 19:00
Modified
2024-09-17 02:16
Severity ?
EPSS score ?
Summary
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
References
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/19630 | exploit, x_refsource_EXPLOIT-DB |
| http://www.exploit-db.com/exploits/19573 | exploit, x_refsource_EXPLOIT-DB |
| http://www.osvdb.org/83533 | vdb-entry, x_refsource_OSVDB |
| http://info.tiki.org/article191-Tiki-Releases-8-4 | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html | mailing-list, x_refsource_BUGTRAQ |
| http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS | x_refsource_MISC |
| http://dev.tiki.org/item4109 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:21:04.254Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19630", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/19630" }, { "name": "19573", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/19573" }, { "name": "83533", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/83533" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://info.tiki.org/article191-Tiki-Releases-8-4" }, { "name": "20120704 [CVE-2012-0911] Tiki Wiki CMS Groupware \u003c= 8.3 \"unserialize()\" PHP Code Execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://dev.tiki.org/item4109" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-07-12T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19630", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/19630" }, { "name": "19573", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/19573" }, { "name": "83533", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/83533" }, { "tags": [ "x_refsource_MISC" ], "url": "http://info.tiki.org/article191-Tiki-Releases-8-4" }, { "name": "20120704 [CVE-2012-0911] Tiki Wiki CMS Groupware \u003c= 8.3 \"unserialize()\" PHP Code Execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS" }, { "tags": [ "x_refsource_MISC" ], "url": "http://dev.tiki.org/item4109" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3996", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19630", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/19630" }, { "name": "19573", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/19573" }, { "name": "83533", "refsource": "OSVDB", "url": "http://www.osvdb.org/83533" }, { "name": "http://info.tiki.org/article191-Tiki-Releases-8-4", "refsource": "MISC", "url": "http://info.tiki.org/article191-Tiki-Releases-8-4" }, { "name": "20120704 [CVE-2012-0911] Tiki Wiki CMS Groupware \u003c= 8.3 \"unserialize()\" PHP Code Execution", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html" }, { "name": "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS", "refsource": "MISC", "url": "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS" }, { "name": "http://dev.tiki.org/item4109", "refsource": "MISC", "url": "http://dev.tiki.org/item4109" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-3996", "datePublished": "2012-07-12T19:00:00Z", "dateReserved": "2012-07-12T00:00:00Z", "dateUpdated": "2024-09-17T02:16:33.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3653
Vulnerability from cvelistv5
Published
2008-08-13 01:00
Modified
2024-08-07 09:45
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44422 | vdb-entry, x_refsource_XF |
| http://info.tikiwiki.org/tiki-read_article.php?articleId=35 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:45:18.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "tikiwikicms-multiple-unspecified(44422)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44422" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=35" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "tikiwikicms-multiple-unspecified(44422)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44422" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=35" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3653", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "tikiwikicms-multiple-unspecified(44422)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44422" }, { "name": "http://info.tikiwiki.org/tiki-read_article.php?articleId=35", "refsource": "CONFIRM", "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=35" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3653", "datePublished": "2008-08-13T01:00:00", "dateReserved": "2008-08-12T00:00:00", "dateUpdated": "2024-08-07T09:45:18.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6168
Vulnerability from cvelistv5
Published
2006-11-29 02:00
Modified
2024-08-07 20:19
Severity ?
EPSS score ?
Summary
tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email."
References
| URL | Tags |
|---|---|
| http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/4709 | vdb-entry, x_refsource_VUPEN |
| http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:19:35.191Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50\u0026r2=1.157.2.51" }, { "name": "ADV-2006-4709", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4709" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68\u0026r2=1.69" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger \"notification-spam\" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of \"a minimal check on email.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50\u0026r2=1.157.2.51" }, { "name": "ADV-2006-4709", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4709" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68\u0026r2=1.69" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6168", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { 
"product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger \"notification-spam\" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of \"a minimal check on email.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50\u0026r2=1.157.2.51", "refsource": "CONFIRM", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50\u0026r2=1.157.2.51" }, { "name": "ADV-2006-4709", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4709" }, { "name": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68\u0026r2=1.69", "refsource": "CONFIRM", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68\u0026r2=1.69" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6168", "datePublished": "2006-11-29T02:00:00", "dateReserved": "2006-11-28T00:00:00", "dateUpdated": "2024-08-07T20:19:35.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6162
Vulnerability from cvelistv5
Published
2006-11-29 01:00
Modified
2024-08-07 20:19
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/21297 | vdb-entry, x_refsource_BID |
| http://www.vupen.com/english/advisories/2006/4709 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/22850 | third-party-advisory, x_refsource_SECUNIA |
| http://www.osvdb.org/30692 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:19:34.693Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21297", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21297" }, { "name": "ADV-2006-4709", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4709" }, { "name": "22850", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22850" }, { "name": "30692", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30692" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21297", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21297" }, { "name": "ADV-2006-4709", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4709" }, { "name": "22850", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22850" }, { "name": "30692", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30692" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6162", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21297", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21297" }, { "name": "ADV-2006-4709", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4709" }, { "name": "22850", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22850" }, { "name": "30692", "refsource": "OSVDB", "url": "http://www.osvdb.org/30692" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6162", "datePublished": "2006-11-29T01:00:00", "dateReserved": "2006-11-28T00:00:00", "dateUpdated": "2024-08-07T20:19:34.693Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7290
Vulnerability from cvelistv5
Published
2018-03-09 20:00
Modified
2024-08-05 06:24
Severity ?
EPSS score ?
Summary
Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1.
References
| URL | Tags |
|---|---|
| https://sourceforge.net/p/tikiwiki/code/65537 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2018/03/08/5 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:24:11.868Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://sourceforge.net/p/tikiwiki/code/65537" }, { "name": "[oss-security] 20180308 CVE-2018-7290: Stored XSS vulnerability in Tiki \u003c= 18", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2018/03/08/5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-09T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://sourceforge.net/p/tikiwiki/code/65537" }, { "name": "[oss-security] 20180308 CVE-2018-7290: Stored XSS vulnerability in Tiki \u003c= 18", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2018/03/08/5" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7290", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceforge.net/p/tikiwiki/code/65537", "refsource": "CONFIRM", "url": "https://sourceforge.net/p/tikiwiki/code/65537" }, { "name": "[oss-security] 20180308 CVE-2018-7290: Stored XSS vulnerability in Tiki \u003c= 18", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2018/03/08/5" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7290", "datePublished": "2018-03-09T20:00:00", "dateReserved": "2018-02-21T00:00:00", "dateUpdated": "2024-08-05T06:24:11.868Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6457
Vulnerability from cvelistv5
Published
2006-12-11 17:00
Modified
2024-08-07 20:26
Severity ?
EPSS score ?
Summary
tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/452639/100/200/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:26:46.485Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20061125 Re: tikiwiki 1.9.5 mysql password disclosure \u0026 xss", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/452639/100/200/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-25T00:00:00", "descriptions": [ { "lang": "en", "value": "tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20061125 Re: tikiwiki 1.9.5 mysql password disclosure \u0026 xss", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/452639/100/200/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6457", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20061125 Re: tikiwiki 1.9.5 mysql password disclosure \u0026 xss", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452639/100/200/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6457", "datePublished": "2006-12-11T17:00:00", "dateReserved": "2006-12-11T00:00:00", "dateUpdated": "2024-08-07T20:26:46.485Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1204
Vulnerability from cvelistv5
Published
2009-04-01 01:00
Modified
2024-08-07 05:04
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php.
References
| URL | Tags |
|---|---|
| http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=2359&trackerId=5&show=view&reloff=3&cant=1229&status=o&trackerId=5&sort_mode=created_desc | x_refsource_CONFIRM |
| http://info.tikiwiki.org/tiki-read_article.php?articleId=51 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/34107 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/bid/34108 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/501702/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/34105 | vdb-entry, x_refsource_BID |
| http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup | x_refsource_CONFIRM |
| http://secunia.com/advisories/34273 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/34106 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:04:49.250Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=2359\u0026trackerId=5\u0026show=view\u0026reloff=3\u0026cant=1229\u0026status=o\u0026trackerId=5\u0026sort_mode=created_desc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=51" }, { "name": "34107", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34107" }, { "name": "34108", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34108" }, { "name": "20090312 TikiWiki 2.2 XSS Vulnerability in URI", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/501702/100/0/threaded" }, { "name": "34105", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34105" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" }, { "name": "34273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34273" }, { "name": "34106", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-03-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a 
URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=2359\u0026trackerId=5\u0026show=view\u0026reloff=3\u0026cant=1229\u0026status=o\u0026trackerId=5\u0026sort_mode=created_desc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=51" }, { "name": "34107", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34107" }, { "name": "34108", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34108" }, { "name": "20090312 TikiWiki 2.2 XSS Vulnerability in URI", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/501702/100/0/threaded" }, { "name": "34105", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34105" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" }, { "name": "34273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34273" }, { "name": "34106", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34106" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1204", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": 
"4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=2359\u0026trackerId=5\u0026show=view\u0026reloff=3\u0026cant=1229\u0026status=o\u0026trackerId=5\u0026sort_mode=created_desc", "refsource": "CONFIRM", "url": "http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=2359\u0026trackerId=5\u0026show=view\u0026reloff=3\u0026cant=1229\u0026status=o\u0026trackerId=5\u0026sort_mode=created_desc" }, { "name": "http://info.tikiwiki.org/tiki-read_article.php?articleId=51", "refsource": "CONFIRM", "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=51" }, { "name": "34107", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34107" }, { "name": "34108", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34108" }, { "name": "20090312 TikiWiki 2.2 XSS Vulnerability in URI", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/501702/100/0/threaded" }, { "name": "34105", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34105" }, { "name": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup", "refsource": "CONFIRM", "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" }, { "name": "34273", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34273" }, { "name": "34106", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34106" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1204", "datePublished": "2009-04-01T01:00:00", "dateReserved": "2009-03-31T00:00:00", "dateUpdated": "2024-08-07T05:04:49.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5318
Vulnerability from cvelistv5
Published
2008-12-03 18:00
Modified
2024-08-07 10:49
Summary
Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653.
References
| URL | Tags |
|---|---|
| http://www.osvdb.org/50058 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/31857 | vdb-entry, x_refsource_BID |
| http://info.tikiwiki.org/tiki-read_article.php?articleId=41 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/2889 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/32341 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46029 | vdb-entry, x_refsource_XF |
| http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.237Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "50058", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/50058" }, { "name": "31857", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31857" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=41" }, { "name": "ADV-2008-2889", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2889" }, { "name": "32341", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32341" }, { "name": "tikiwikicms-multiple-unspecified-variant2(46029)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46029" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to \"size of user-provided input,\" a different issue than CVE-2008-3653." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "50058", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/50058" }, { "name": "31857", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31857" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=41" }, { "name": "ADV-2008-2889", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2889" }, { "name": "32341", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32341" }, { "name": "tikiwikicms-multiple-unspecified-variant2(46029)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46029" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5318", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to \"size of user-provided input,\" a different issue than CVE-2008-3653." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "50058", "refsource": "OSVDB", "url": "http://www.osvdb.org/50058" }, { "name": "31857", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31857" }, { "name": "http://info.tikiwiki.org/tiki-read_article.php?articleId=41", "refsource": "CONFIRM", "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=41" }, { "name": "ADV-2008-2889", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2889" }, { "name": "32341", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32341" }, { "name": "tikiwikicms-multiple-unspecified-variant2(46029)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46029" }, { "name": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup", "refsource": "CONFIRM", "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5318", "datePublished": "2008-12-03T18:00:00", "dateReserved": "2008-12-03T00:00:00", "dateUpdated": "2024-08-07T10:49:12.237Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-14924
Vulnerability from cvelistv5
Published
2017-09-29 07:00
Modified
2024-08-05 19:42
Summary
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php.
References
| URL | Tags |
|---|---|
| http://openwall.com/lists/oss-security/2017/09/28/13 | x_refsource_MISC |
| https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released | x_refsource_MISC |
| https://sourceforge.net/p/tikiwiki/code/63829 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:42:22.171Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2017/09/28/13" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceforge.net/p/tikiwiki/code/63829" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-29T06:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2017/09/28/13" }, { "tags": [ "x_refsource_MISC" ], "url": "https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released" }, { "tags": [ "x_refsource_MISC" ], "url": "https://sourceforge.net/p/tikiwiki/code/63829" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14924", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://openwall.com/lists/oss-security/2017/09/28/13", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2017/09/28/13" }, { "name": "https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released", "refsource": "MISC", "url": "https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released" }, { "name": "https://sourceforge.net/p/tikiwiki/code/63829", "refsource": "MISC", "url": "https://sourceforge.net/p/tikiwiki/code/63829" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14924", "datePublished": "2017-09-29T07:00:00", "dateReserved": "2017-09-29T00:00:00", "dateUpdated": "2024-08-05T19:42:22.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-1574
Vulnerability from cvelistv5
Published
2009-08-24 10:00
Modified
2024-08-08 02:35
Summary
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/14170 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/40347 | vdb-entry, x_refsource_XF |
| http://sourceforge.net/tracker/index.php?func=detail&aid=748739&group_id=64258&atid=506846 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:35:16.638Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "14170", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14170" }, { "name": "tikiwiki-username-security-byass(40347)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40347" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=748739\u0026group_id=64258\u0026atid=506846" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer \"Remember Me\" feature. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "14170", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14170" }, { "name": "tikiwiki-username-security-byass(40347)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40347" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=748739\u0026group_id=64258\u0026atid=506846" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1574", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer \"Remember Me\" feature. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "14170", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14170" }, { "name": "tikiwiki-username-security-byass(40347)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40347" }, { "name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=748739\u0026group_id=64258\u0026atid=506846", "refsource": "CONFIRM", "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=748739\u0026group_id=64258\u0026atid=506846" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1574", "datePublished": "2009-08-24T10:00:00", "dateReserved": "2009-08-23T00:00:00", "dateUpdated": "2024-08-08T02:35:16.638Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1133
Vulnerability from cvelistv5
Published
2010-03-26 21:00
Modified
2024-08-07 01:14
Summary
Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/38608 | vdb-entry, x_refsource_BID |
| http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases | x_refsource_CONFIRM |
| http://secunia.com/advisories/38896 | third-party-advisory, x_refsource_SECUNIA |
| http://osvdb.org/62800 | vdb-entry, x_refsource_OSVDB |
| http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25435 | x_refsource_CONFIRM |
| http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25424 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56769 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:14:06.159Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "38608", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38608" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "name": "38896", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38896" }, { "name": "62800", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/62800" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25435" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25424" }, { "name": "tikiwiki-unknown-input-sql-injection(56769)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56769" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-02-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "38608", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38608" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "name": "38896", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38896" }, { "name": "62800", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/62800" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25435" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25424" }, { "name": "tikiwiki-unknown-input-sql-injection(56769)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56769" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1133", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "38608", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38608" }, { "name": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases", "refsource": "CONFIRM", "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "name": "38896", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38896" }, { "name": "62800", "refsource": "OSVDB", "url": "http://osvdb.org/62800" }, { "name": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25435", "refsource": "CONFIRM", "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25435" }, { "name": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25424", "refsource": "CONFIRM", "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25424" }, { "name": "tikiwiki-unknown-input-sql-injection(56769)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56769" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1133", "datePublished": "2010-03-26T21:00:00", "dateReserved": "2010-03-26T00:00:00", "dateUpdated": "2024-08-07T01:14:06.159Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5321
Vulnerability from cvelistv5
Published
2012-10-08 18:00
Modified
2024-08-06 21:05
Summary
tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/48102 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securitytracker.com/id?1026708 | vdb-entry, x_refsource_SECTRACK |
| http://st2tea.blogspot.com/2012/02/tiki-wiki-cms-groupware-frame-injection.html | x_refsource_MISC |
| http://osvdb.org/79409 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/73403 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/52079 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:46.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48102", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48102" }, { "name": "1026708", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026708" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://st2tea.blogspot.com/2012/02/tiki-wiki-cms-groupware-frame-injection.html" }, { "name": "79409", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/79409" }, { "name": "tikiwiki-tikifeaturedlink-open-redirect(73403)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73403" }, { "name": "52079", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52079" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-17T00:00:00", "descriptions": [ { "lang": "en", "value": "tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka \"frame injection.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "48102", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48102" }, { "name": "1026708", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026708" }, { 
"tags": [ "x_refsource_MISC" ], "url": "http://st2tea.blogspot.com/2012/02/tiki-wiki-cms-groupware-frame-injection.html" }, { "name": "79409", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/79409" }, { "name": "tikiwiki-tikifeaturedlink-open-redirect(73403)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73403" }, { "name": "52079", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52079" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5321", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka \"frame injection.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "48102", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48102" }, { "name": "1026708", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026708" }, { "name": "http://st2tea.blogspot.com/2012/02/tiki-wiki-cms-groupware-frame-injection.html", "refsource": "MISC", "url": "http://st2tea.blogspot.com/2012/02/tiki-wiki-cms-groupware-frame-injection.html" }, { "name": "79409", "refsource": "OSVDB", "url": "http://osvdb.org/79409" }, { "name": "tikiwiki-tikifeaturedlink-open-redirect(73403)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73403" }, { "name": "52079", "refsource": "BID", "url": 
"http://www.securityfocus.com/bid/52079" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5321", "datePublished": "2012-10-08T18:00:00", "dateReserved": "2012-10-08T00:00:00", "dateUpdated": "2024-08-06T21:05:46.564Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4715
Vulnerability from cvelistv5
Published
2013-11-06 11:00
Modified
2024-09-16 20:57
Summary
SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000100 | third-party-advisory, x_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN75720314/index.html | third-party-advisory, x_refsource_JVN |
| http://info.tiki.org/article221-New-Versions-of-all-supported-versions-of-Tiki-Wiki-CMS-Groupware | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:52:27.329Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVNDB-2013-000100", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000100" }, { "name": "JVN#75720314", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN75720314/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://info.tiki.org/article221-New-Versions-of-all-supported-versions-of-Tiki-Wiki-CMS-Groupware" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-11-06T11:00:00Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVNDB-2013-000100", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000100" }, { "name": "JVN#75720314", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN75720314/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://info.tiki.org/article221-New-Versions-of-all-supported-versions-of-Tiki-Wiki-CMS-Groupware" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2013-4715", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVNDB-2013-000100", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000100" }, { "name": "JVN#75720314", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN75720314/index.html" }, { "name": "http://info.tiki.org/article221-New-Versions-of-all-supported-versions-of-Tiki-Wiki-CMS-Groupware", "refsource": "CONFIRM", "url": "http://info.tiki.org/article221-New-Versions-of-all-supported-versions-of-Tiki-Wiki-CMS-Groupware" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2013-4715", "datePublished": "2013-11-06T11:00:00Z", "dateReserved": "2013-06-26T00:00:00Z", "dateUpdated": "2024-09-16T20:57:40.148Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-14925
Vulnerability from cvelistv5
Published
2017-09-29 07:00
Modified
2024-08-05 19:42
Summary
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site.
References
URL | Tags | |
---|---|---|
http://openwall.com/lists/oss-security/2017/09/28/13 | x_refsource_MISC | |
https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released | x_refsource_MISC | |
https://sourceforge.net/p/tikiwiki/code/63872 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:42:22.248Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2017/09/28/13" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceforge.net/p/tikiwiki/code/63872" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-29T06:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2017/09/28/13" }, { "tags": [ "x_refsource_MISC" ], "url": "https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released" }, { "tags": [ "x_refsource_MISC" ], "url": "https://sourceforge.net/p/tikiwiki/code/63872" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14925", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://openwall.com/lists/oss-security/2017/09/28/13", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2017/09/28/13" }, { "name": "https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released", "refsource": "MISC", "url": "https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released" }, { "name": "https://sourceforge.net/p/tikiwiki/code/63872", "refsource": "MISC", "url": "https://sourceforge.net/p/tikiwiki/code/63872" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14925", "datePublished": "2017-09-29T07:00:00", "dateReserved": "2017-09-29T00:00:00", "dateUpdated": "2024-08-05T19:42:22.248Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3529
Vulnerability from cvelistv5
Published
2005-11-20 22:00
Modified
2024-08-07 23:17
Summary
tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/17521 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/archive/1/416152/30/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.vupen.com/english/advisories/2005/2376 | vdb-entry, x_refsource_VUPEN | |
http://www.osvdb.org/20711 | vdb-entry, x_refsource_OSVDB | |
http://securityreason.com/securityalert/165 | third-party-advisory, x_refsource_SREASON | |
http://moritz-naumann.com/adv/0003/tikiw/0003.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:17:22.909Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17521", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17521" }, { "name": "20051109 Multiple security issues in TikiWiki 1.9.x", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/416152/30/0/threaded" }, { "name": "ADV-2005-2376", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2376" }, { "name": "20711", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20711" }, { "name": "165", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/165" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://moritz-naumann.com/adv/0003/tikiw/0003.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17521", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17521" }, { "name": "20051109 Multiple security issues in TikiWiki 1.9.x", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/416152/30/0/threaded" }, { "name": "ADV-2005-2376", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2376" }, { "name": "20711", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20711" }, { "name": "165", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/165" }, { "tags": [ "x_refsource_MISC" ], "url": "http://moritz-naumann.com/adv/0003/tikiw/0003.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3529", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17521", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17521" }, { "name": "20051109 Multiple security issues in TikiWiki 1.9.x", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/416152/30/0/threaded" }, { "name": "ADV-2005-2376", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2376" }, { "name": "20711", "refsource": "OSVDB", "url": "http://www.osvdb.org/20711" }, { "name": "165", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/165" }, { "name": "http://moritz-naumann.com/adv/0003/tikiw/0003.txt", "refsource": "MISC", "url": "http://moritz-naumann.com/adv/0003/tikiw/0003.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3529", "datePublished": "2005-11-20T22:00:00", "dateReserved": "2005-11-09T00:00:00", "dateUpdated": "2024-08-07T23:17:22.909Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10143
Vulnerability from cvelistv5
Published
2017-01-20 08:39
Modified
2024-08-06 03:14
Summary
A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/96787 | vdb-entry, x_refsource_BID | |
https://dev.tiki.org/item6174 | x_refsource_CONFIRM | |
https://sourceforge.net/p/tikiwiki/code/60308/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.234Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96787", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96787" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://dev.tiki.org/item6174" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://sourceforge.net/p/tikiwiki/code/60308/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-13T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "96787", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96787" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://dev.tiki.org/item6174" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://sourceforge.net/p/tikiwiki/code/60308/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10143", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read 
arbitrary files on a targeted system via a crafted pathname in a banner URL field." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "96787", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96787" }, { "name": "https://dev.tiki.org/item6174", "refsource": "CONFIRM", "url": "https://dev.tiki.org/item6174" }, { "name": "https://sourceforge.net/p/tikiwiki/code/60308/", "refsource": "CONFIRM", "url": "https://sourceforge.net/p/tikiwiki/code/60308/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10143", "datePublished": "2017-01-20T08:39:00", "dateReserved": "2017-01-15T00:00:00", "dateUpdated": "2024-08-06T03:14:42.234Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1923
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Summary
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, or (4) tiki-directory_search.php, which reveal the web server path in an error message.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/10100 | vdb-entry, x_refsource_BID | |
http://marc.info/?l=bugtraq&m=108180073206947&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/11344 | third-party-advisory, x_refsource_SECUNIA | |
http://tikiwiki.org/tiki-read_article.php?articleId=66 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15847 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:07:49.125Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "10100", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040412 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11344" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "name": "tikiwiki-path-disclosure(15847)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15847" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-04-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "10100", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040412 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11344" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "name": "tikiwiki-path-disclosure(15847)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15847" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1923", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "10100", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040412 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11344" }, { "name": "http://tikiwiki.org/tiki-read_article.php?articleId=66", "refsource": "CONFIRM", "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "name": "tikiwiki-path-disclosure(15847)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15847" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1923", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:07:49.125Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-3048
Vulnerability from cvelistv5
Published
2006-06-16 10:00
Modified
2024-08-07 18:16
Summary
SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/20850 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/18421 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/20648 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/27146 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/437017/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://securityreason.com/securityalert/1102 | third-party-advisory, x_refsource_SREASON | |
http://www.vupen.com/english/advisories/2006/2349 | vdb-entry, x_refsource_VUPEN | |
http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:16:05.430Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20850", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20850" }, { "name": "18421", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18421" }, { "name": "20648", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20648" }, { "name": "tikiwiki-unspecified-sql-injection(27146)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27146" }, { "name": "20060613 TikiWiki Sql injection \u0026 XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/437017/100/0/threaded" }, { "name": "1102", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1102" }, { "name": "ADV-2006-2349", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2349" }, { "name": "GLSA-200606-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-13T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20850", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20850" }, { "name": "18421", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18421" }, { "name": "20648", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20648" }, { "name": "tikiwiki-unspecified-sql-injection(27146)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27146" }, { "name": "20060613 TikiWiki Sql injection \u0026 XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/437017/100/0/threaded" }, { "name": "1102", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1102" }, { "name": "ADV-2006-2349", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2349" }, { "name": "GLSA-200606-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3048", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via 
unknown attack vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20850", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20850" }, { "name": "18421", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18421" }, { "name": "20648", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20648" }, { "name": "tikiwiki-unspecified-sql-injection(27146)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27146" }, { "name": "20060613 TikiWiki Sql injection \u0026 XSS Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/437017/100/0/threaded" }, { "name": "1102", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1102" }, { "name": "ADV-2006-2349", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2349" }, { "name": "GLSA-200606-29", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3048", "datePublished": "2006-06-16T10:00:00", "dateReserved": "2006-06-16T00:00:00", "dateUpdated": "2024-08-07T18:16:05.430Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-5683
Vulnerability from cvelistv5
Published
2007-10-26 18:00
Modified
2024-08-07 15:39
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to db/tiki-db.php.
References
URL | Tags | |
---|---|---|
http://info.tikiwiki.org/tiki-read_article.php?articleId=15 | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/482801/30/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:39:13.533Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" }, { "name": "20071025 TikiWiki \u003c= 1.9.8.1 Cross Site Scripting / Local File Inclusion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482801/30/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-10-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to db/tiki-db.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-12-21T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" }, { "name": "20071025 TikiWiki \u003c= 1.9.8.1 Cross Site Scripting / Local File Inclusion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/482801/30/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5683", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to db/tiki-db.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15", "refsource": "CONFIRM", "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" }, { "name": "20071025 TikiWiki \u003c= 1.9.8.1 Cross Site Scripting / Local File Inclusion", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482801/30/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5683", "datePublished": "2007-10-26T18:00:00", "dateReserved": "2007-10-26T00:00:00", "dateUpdated": "2024-08-07T15:39:13.533Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4602
Vulnerability from cvelistv5
Published
2006-09-07 00:00
Modified
2024-08-07 19:14
Summary
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/22100 | third-party-advisory, x_refsource_SECUNIA | |
http://isc.sans.org/diary.php?storyid=1672 | x_refsource_MISC | |
http://www.vupen.com/english/advisories/2006/3450 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/19819 | vdb-entry, x_refsource_BID | |
http://tikiwiki.org/tiki-read_article.php?articleId=136 | x_refsource_CONFIRM | |
http://www.osvdb.org/28456 | vdb-entry, x_refsource_OSVDB | |
http://security.gentoo.org/glsa/glsa-200609-16.xml | vendor-advisory, x_refsource_GENTOO | |
https://www.exploit-db.com/exploits/2288 | exploit, x_refsource_EXPLOIT-DB | |
http://secunia.com/advisories/21733 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:14:47.885Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "22100", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22100" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://isc.sans.org/diary.php?storyid=1672" }, { "name": "ADV-2006-3450", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3450" }, { "name": "19819", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19819" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=136" }, { "name": "28456", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/28456" }, { "name": "GLSA-200609-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200609-16.xml" }, { "name": "2288", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/2288" }, { "name": "21733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21733" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "22100", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22100" }, { "tags": [ "x_refsource_MISC" ], "url": "http://isc.sans.org/diary.php?storyid=1672" }, { "name": "ADV-2006-3450", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3450" }, { "name": "19819", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19819" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=136" }, { "name": "28456", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/28456" }, { "name": "GLSA-200609-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200609-16.xml" }, { "name": "2288", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/2288" }, { "name": "21733", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21733" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4602", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "22100", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22100" }, { "name": "http://isc.sans.org/diary.php?storyid=1672", "refsource": "MISC", "url": "http://isc.sans.org/diary.php?storyid=1672" }, { "name": "ADV-2006-3450", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3450" }, { "name": "19819", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19819" }, { "name": "http://tikiwiki.org/tiki-read_article.php?articleId=136", "refsource": "CONFIRM", "url": "http://tikiwiki.org/tiki-read_article.php?articleId=136" }, { "name": "28456", "refsource": "OSVDB", "url": "http://www.osvdb.org/28456" }, { "name": "GLSA-200609-16", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200609-16.xml" }, { "name": "2288", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2288" }, { "name": "21733", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21733" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4602", "datePublished": "2006-09-07T00:00:00", "dateReserved": "2006-09-06T00:00:00", "dateUpdated": "2024-08-07T19:14:47.885Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-5682
Vulnerability from cvelistv5
Published
2007-10-26 18:00
Modified
2024-08-07 15:39
Severity ?
EPSS score ?
Summary
Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423.
References
| URL | Tags |
|---|---|
| http://www.sektioneins.de/advisories/SE-2007-01.txt | x_refsource_MISC |
| http://info.tikiwiki.org/tiki-read_article.php?articleId=15 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/482908 | mailing-list, x_refsource_BUGTRAQ |
| http://osvdb.org/43610 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/26220 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:39:13.686Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.sektioneins.de/advisories/SE-2007-01.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" }, { "name": "20071029 Advisory SE-2007-01: TikiWiki Remote PHP Code Evaluation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482908" }, { "name": "43610", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/43610" }, { "name": "26220", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26220" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-10-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-12-01T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.sektioneins.de/advisories/SE-2007-01.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" }, { "name": "20071029 Advisory SE-2007-01: TikiWiki Remote PHP Code Evaluation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/482908" }, { "name": "43610", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/43610" }, { "name": "26220", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26220" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5682", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.sektioneins.de/advisories/SE-2007-01.txt", "refsource": "MISC", "url": "http://www.sektioneins.de/advisories/SE-2007-01.txt" }, { "name": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15", "refsource": "CONFIRM", "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" }, { "name": "20071029 Advisory SE-2007-01: TikiWiki Remote PHP Code Evaluation Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482908" }, { "name": "43610", "refsource": "OSVDB", "url": "http://osvdb.org/43610" }, { "name": "26220", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26220" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5682", "datePublished": "2007-10-26T18:00:00", "dateReserved": "2007-10-26T00:00:00", "dateUpdated": "2024-08-07T15:39:13.686Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4551
Vulnerability from cvelistv5
Published
2012-10-01 00:00
Modified
2024-09-17 04:10
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/47278 | third-party-advisory, x_refsource_SECUNIA |
| http://info.tiki.org/article183-Tiki-Wiki-CMS-Groupware-8-2-and-6-5LTS-Security-Patches-Available | x_refsource_CONFIRM |
| http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-07.txt | x_refsource_MISC |
| http://www.osvdb.org/77966 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:18.759Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "47278", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47278" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://info.tiki.org/article183-Tiki-Wiki-CMS-Groupware-8-2-and-6-5LTS-Security-Patches-Available" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-07.txt" }, { "name": "77966", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/77966" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-10-01T00:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "47278", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47278" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://info.tiki.org/article183-Tiki-Wiki-CMS-Groupware-8-2-and-6-5LTS-Security-Patches-Available" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-07.txt" }, { "name": "77966", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/77966" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4551", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "47278", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47278" }, { "name": "http://info.tiki.org/article183-Tiki-Wiki-CMS-Groupware-8-2-and-6-5LTS-Security-Patches-Available", "refsource": "CONFIRM", "url": "http://info.tiki.org/article183-Tiki-Wiki-CMS-Groupware-8-2-and-6-5LTS-Security-Patches-Available" }, { "name": "http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-07.txt", "refsource": "MISC", "url": "http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-07.txt" }, { "name": "77966", "refsource": "OSVDB", "url": "http://www.osvdb.org/77966" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4551", "datePublished": "2012-10-01T00:00:00Z", "dateReserved": "2011-11-27T00:00:00Z", "dateUpdated": "2024-09-17T04:10:00.054Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1386
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/12110 | vdb-entry, x_refsource_BID |
| http://tikiwiki.org/tiki-read_article.php?articleId=97 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18691 | vdb-entry, x_refsource_XF |
| http://www.gentoo.org/security/en/glsa/glsa-200501-12.xml | vendor-advisory, x_refsource_GENTOO |
| http://www.ciac.org/ciac/bulletins/p-084.shtml | third-party-advisory, government-resource, x_refsource_CIAC |
| http://securitytracker.com/id?1012700 | vdb-entry, x_refsource_SECTRACK |
| http://www.osvdb.org/12628 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:46:12.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "12110", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/12110" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=97" }, { "name": "tikiwiki-image-command-execution(18691)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18691" }, { "name": "GLSA-200501-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-12.xml" }, { "name": "P-084", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred" ], "url": "http://www.ciac.org/ciac/bulletins/p-084.shtml" }, { "name": "1012700", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1012700" }, { "name": "12628", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/12628" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-12-24T00:00:00", "descriptions": [ { "lang": "en", "value": "TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "12110", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/12110" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=97" }, { "name": "tikiwiki-image-command-execution(18691)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18691" }, { "name": "GLSA-200501-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-12.xml" }, { "name": "P-084", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC" ], "url": "http://www.ciac.org/ciac/bulletins/p-084.shtml" }, { "name": "1012700", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1012700" }, { "name": "12628", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/12628" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1386", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "12110", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12110" }, { "name": "http://tikiwiki.org/tiki-read_article.php?articleId=97", "refsource": "CONFIRM", "url": "http://tikiwiki.org/tiki-read_article.php?articleId=97" }, { "name": "tikiwiki-image-command-execution(18691)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18691" }, { "name": "GLSA-200501-12", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-12.xml" }, { "name": "P-084", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/p-084.shtml" }, { "name": "1012700", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1012700" }, { "name": "12628", "refsource": "OSVDB", "url": "http://www.osvdb.org/12628" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1386", "datePublished": "2005-02-06T05:00:00", "dateReserved": "2005-01-28T00:00:00", "dateUpdated": "2024-08-08T00:46:12.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-36551
Vulnerability from cvelistv5
Published
2021-10-28 19:11
Modified
2024-08-04 00:54
Severity ?
EPSS score ?
Summary
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module.
References
| URL | Tags |
|---|---|
| https://github.com/r0ck3t1973/xss_payload/issues/7 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:54:51.589Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/r0ck3t1973/xss_payload/issues/7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-28T19:11:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/r0ck3t1973/xss_payload/issues/7" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-36551", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/r0ck3t1973/xss_payload/issues/7", "refsource": "MISC", "url": "https://github.com/r0ck3t1973/xss_payload/issues/7" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-36551", "datePublished": "2021-10-28T19:11:12", "dateReserved": "2021-07-12T00:00:00", "dateUpdated": "2024-08-04T00:54:51.589Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4734
Vulnerability from cvelistv5
Published
2006-09-13 22:00
Modified
2024-08-07 19:23
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters.
References
| URL | Tags |
|---|---|
| http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-g-admin_processes.php?view=log | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28869 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/19947 | vdb-entry, x_refsource_BID |
| http://securityreason.com/securityalert/1544 | third-party-advisory, x_refsource_SREASON |
| http://www.hackers.ir/advisories/tikiwiki.html | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/445790/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:23:41.012Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-g-admin_processes.php?view=log" }, { "name": "tikiwiki-processes-sql-injection(28869)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28869" }, { "name": "19947", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19947" }, { "name": "1544", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1544" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.hackers.ir/advisories/tikiwiki.html" }, { "name": "20060910 Sql injection in Tikiwiki", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/445790/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-g-admin_processes.php?view=log" }, { "name": "tikiwiki-processes-sql-injection(28869)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28869" }, { "name": "19947", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19947" }, { "name": "1544", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1544" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.hackers.ir/advisories/tikiwiki.html" }, { "name": "20060910 Sql injection in Tikiwiki", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/445790/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4734", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-g-admin_processes.php?view=log", "refsource": "MISC", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-g-admin_processes.php?view=log" }, { "name": "tikiwiki-processes-sql-injection(28869)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28869" }, { "name": "19947", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19947" }, { "name": "1544", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1544" }, { "name": "http://www.hackers.ir/advisories/tikiwiki.html", "refsource": "MISC", "url": "http://www.hackers.ir/advisories/tikiwiki.html" }, { "name": "20060910 Sql injection in Tikiwiki", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/445790/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4734", "datePublished": "2006-09-13T22:00:00", "dateReserved": "2006-09-13T00:00:00", "dateUpdated": "2024-08-07T19:23:41.012Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7303
Vulnerability from cvelistv5
Published
2018-02-21 20:00
Modified
2024-09-16 19:01
Severity ?
EPSS score ?
Summary
The Calendar component in Tiki 17.1 allows HTML injection.
References
| URL | Tags |
|---|---|
| https://websecnerd.blogspot.in/2018/01/tiki-wiki-cms-groupware-17.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:24:11.833Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://websecnerd.blogspot.in/2018/01/tiki-wiki-cms-groupware-17.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Calendar component in Tiki 17.1 allows HTML injection." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-21T20:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://websecnerd.blogspot.in/2018/01/tiki-wiki-cms-groupware-17.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7303", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Calendar component in Tiki 17.1 allows HTML injection." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://websecnerd.blogspot.in/2018/01/tiki-wiki-cms-groupware-17.html", "refsource": "MISC", "url": "https://websecnerd.blogspot.in/2018/01/tiki-wiki-cms-groupware-17.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7303", "datePublished": "2018-02-21T20:00:00Z", "dateReserved": "2018-02-21T00:00:00Z", "dateUpdated": "2024-09-16T19:01:06.930Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5319
Vulnerability from cvelistv5
Published
2008-12-03 18:00
Modified
2024-08-07 10:49
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653.
References
| URL | Tags |
|---|---|
| http://www.osvdb.org/50058 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/31857 | vdb-entry, x_refsource_BID |
| http://info.tikiwiki.org/tiki-read_article.php?articleId=41 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/2889 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/32341 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47106 | vdb-entry, x_refsource_XF |
| http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.565Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "50058", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/50058" }, { "name": "31857", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31857" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=41" }, { "name": "ADV-2008-2889", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2889" }, { "name": "32341", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32341" }, { "name": "tikiwikicms-tikierror-unspecified(47106)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "50058", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/50058" }, { "name": "31857", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31857" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=41" }, { "name": "ADV-2008-2889", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2889" }, { "name": "32341", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32341" }, { "name": "tikiwikicms-tikierror-unspecified(47106)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5319", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "50058", "refsource": "OSVDB", "url": "http://www.osvdb.org/50058" }, { "name": "31857", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31857" }, { "name": "http://info.tikiwiki.org/tiki-read_article.php?articleId=41", "refsource": "CONFIRM", "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=41" }, { "name": "ADV-2008-2889", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2889" }, { "name": "32341", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32341" }, { "name": "tikiwikicms-tikierror-unspecified(47106)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47106" }, { "name": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup", "refsource": "CONFIRM", "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5319", "datePublished": "2008-12-03T18:00:00", "dateReserved": "2008-12-03T00:00:00", "dateUpdated": "2024-08-07T10:49:12.565Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5702
Vulnerability from cvelistv5
Published
2006-11-04 01:00
Modified
2024-08-07 19:55
Summary
Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages.
References
▼ | URL | Tags |
---|---|---|
http://www.vupen.com/english/advisories/2006/4316 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/archive/1/450268/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/29960 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/22678 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/23039 | third-party-advisory, x_refsource_SECUNIA | |
http://security.gentoo.org/glsa/glsa-200611-11.xml | vendor-advisory, x_refsource_GENTOO | |
http://securityreason.com/securityalert/1816 | third-party-advisory, x_refsource_SREASON | |
http://www.securityfocus.com/bid/20858 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:55:54.137Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-4316", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4316" }, { "name": "20061101 tikiwiki 1.9.5 mysql password disclosure \u0026 xss", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/450268/100/0/threaded" }, { "name": "tikiwiki-password-info-disclosure(29960)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29960" }, { "name": "22678", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22678" }, { "name": "23039", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23039" }, { "name": "GLSA-200611-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200611-11.xml" }, { "name": "1816", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1816" }, { "name": "20858", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20858" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) 
tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-4316", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4316" }, { "name": "20061101 tikiwiki 1.9.5 mysql password disclosure \u0026 xss", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/450268/100/0/threaded" }, { "name": "tikiwiki-password-info-disclosure(29960)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29960" }, { "name": "22678", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22678" }, { "name": "23039", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23039" }, { "name": "GLSA-200611-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200611-11.xml" }, { "name": "1816", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1816" }, { "name": "20858", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20858" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5702", "STATE": "PUBLIC" }, "affects": { 
"vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-4316", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4316" }, { "name": "20061101 tikiwiki 1.9.5 mysql password disclosure \u0026 xss", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/450268/100/0/threaded" }, { "name": "tikiwiki-password-info-disclosure(29960)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29960" }, { "name": "22678", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22678" }, { "name": "23039", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23039" }, { "name": "GLSA-200611-11", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200611-11.xml" }, { "name": "1816", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1816" }, { "name": "20858", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20858" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5702", "datePublished": "2006-11-04T01:00:00", "dateReserved": "2006-11-03T00:00:00", "dateUpdated": "2024-08-07T19:55:54.137Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4299
Vulnerability from cvelistv5
Published
2006-08-23 01:00
Modified
2024-08-07 19:06
Summary
Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/19654 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/22100 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2006/3351 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/28498 | vdb-entry, x_refsource_XF | |
http://security.gentoo.org/glsa/glsa-200609-16.xml | vendor-advisory, x_refsource_GENTOO | |
http://secunia.com/advisories/21536 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/28071 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:06:06.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19654", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19654" }, { "name": "22100", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22100" }, { "name": "ADV-2006-3351", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3351" }, { "name": "tikiwiki-search-xss(28498)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28498" }, { "name": "GLSA-200609-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200609-16.xml" }, { "name": "21536", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21536" }, { "name": "28071", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/28071" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19654", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19654" }, { "name": "22100", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22100" }, { "name": "ADV-2006-3351", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3351" }, { "name": "tikiwiki-search-xss(28498)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28498" }, { "name": "GLSA-200609-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200609-16.xml" }, { "name": "21536", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21536" }, { "name": "28071", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/28071" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4299", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19654", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19654" }, { "name": "22100", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22100" }, { "name": "ADV-2006-3351", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3351" }, { "name": "tikiwiki-search-xss(28498)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28498" }, { "name": "GLSA-200609-16", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200609-16.xml" }, { "name": "21536", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21536" }, { "name": "28071", "refsource": "OSVDB", "url": "http://www.osvdb.org/28071" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4299", "datePublished": "2006-08-23T01:00:00", "dateReserved": "2006-08-22T00:00:00", "dateUpdated": "2024-08-07T19:06:06.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6163
Vulnerability from cvelistv5
Published
2006-11-29 01:00
Modified
2024-08-07 20:19
Summary
Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters.
References
▼ | URL | Tags |
---|---|---|
http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51 | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2006/4709 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:19:34.875Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50\u0026r2=1.157.2.51" }, { "name": "ADV-2006-4709", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4709" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50\u0026r2=1.157.2.51" }, { "name": "ADV-2006-4709", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4709" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6163", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote 
attackers to inject arbitrary JavaScript via unspecified parameters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50\u0026r2=1.157.2.51", "refsource": "CONFIRM", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50\u0026r2=1.157.2.51" }, { "name": "ADV-2006-4709", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4709" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6163", "datePublished": "2006-11-29T01:00:00", "dateReserved": "2006-11-28T00:00:00", "dateUpdated": "2024-08-07T20:19:34.875Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-1925
Vulnerability from cvelistv5
Published
2005-11-18 11:00
Modified
2024-08-07 22:06
Summary
Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php.
References
▼ | URL | Tags |
---|---|---|
http://www.idefense.com/application/poi/display?id=335&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/23099 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/15390 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/23095 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/15392 | vdb-entry, x_refsource_BID | |
http://securitytracker.com/id?1015190 | vdb-entry, x_refsource_SECTRACK | |
http://www.idefense.com/application/poi/display?id=337&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:06:57.713Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20051110 Tikiwiki tiki-user_preferences Command Injection Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=335\u0026type=vulnerabilities" }, { "name": "tikiwiki-tikiuserpreferences-dir-traversal(23099)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23099" }, { "name": "15390", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15390" }, { "name": "tikiwiki-tikieditpage-directory-traversal(23095)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23095" }, { "name": "15392", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15392" }, { "name": "1015190", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015190" }, { "name": "20051110 Tikiwiki tiki-editpage Arbitrary File Exposure Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=337\u0026type=vulnerabilities" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20051110 Tikiwiki tiki-user_preferences Command Injection Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://www.idefense.com/application/poi/display?id=335\u0026type=vulnerabilities" }, { "name": "tikiwiki-tikiuserpreferences-dir-traversal(23099)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23099" }, { "name": "15390", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15390" }, { "name": "tikiwiki-tikieditpage-directory-traversal(23095)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23095" }, { "name": "15392", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15392" }, { "name": "1015190", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015190" }, { "name": "20051110 Tikiwiki tiki-editpage Arbitrary File Exposure Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://www.idefense.com/application/poi/display?id=337\u0026type=vulnerabilities" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1925", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and 
execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20051110 Tikiwiki tiki-user_preferences Command Injection Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=335\u0026type=vulnerabilities" }, { "name": "tikiwiki-tikiuserpreferences-dir-traversal(23099)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23099" }, { "name": "15390", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15390" }, { "name": "tikiwiki-tikieditpage-directory-traversal(23095)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23095" }, { "name": "15392", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15392" }, { "name": "1015190", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015190" }, { "name": "20051110 Tikiwiki tiki-editpage Arbitrary File Exposure Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=337\u0026type=vulnerabilities" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1925", "datePublished": "2005-11-18T11:00:00", "dateReserved": "2005-06-08T00:00:00", "dateUpdated": "2024-08-07T22:06:57.713Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7394
Vulnerability from cvelistv5
Published
2018-02-06 16:00
Modified
2024-08-06 01:57
Summary
Tiki Wiki CMS Groupware <=15.2 has an XSS vulnerability that allows attackers to steal a user's cookie.
References
▼ | URL | Tags |
---|---|---|
https://sourceforge.net/p/tikiwiki/code/59653/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:57:47.407Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://sourceforge.net/p/tikiwiki/code/59653/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-09-09T00:00:00", "descriptions": [ { "lang": "en", "value": "tiki wiki cms groupware \u003c=15.2 has a xss vulnerability, allow attackers steal user\u0027s cookie." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-06T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://sourceforge.net/p/tikiwiki/code/59653/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7394", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "tiki wiki cms groupware \u003c=15.2 has a xss vulnerability, allow attackers steal user\u0027s cookie." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceforge.net/p/tikiwiki/code/59653/", "refsource": "CONFIRM", "url": "https://sourceforge.net/p/tikiwiki/code/59653/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7394", "datePublished": "2018-02-06T16:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T01:57:47.407Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-5423
Vulnerability from cvelistv5
Published
2007-10-12 23:00
Modified
2024-08-07 15:31
Summary
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:31:58.501Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200710-21", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-21.xml" }, { "name": "ADV-2007-3492", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3492" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://securityvulns.ru/Sdocument162.html" }, { "name": "20071010 Vulnerabilities digest", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded" }, { "name": "26006", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26006" }, { "name": "27344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27344" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195503" }, { "name": "40478", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/40478" }, { "name": "3216", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3216" }, { "name": "tikiwiki-tikigraphformula-command-execution(37076)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37076" }, { "name": "20071011 Tikiwiki 1.9.8 exploit ITW", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482128/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=546283\u0026group_id=64258" }, { "tags": [ 
"x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/forum/forum.php?forum_id=744898" }, { "name": "4509", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/4509" }, { "name": "27190", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27190" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-10-10T00:00:00", "descriptions": [ { "lang": "en", "value": "tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-200710-21", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-21.xml" }, { "name": "ADV-2007-3492", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3492" }, { "tags": [ "x_refsource_MISC" ], "url": "http://securityvulns.ru/Sdocument162.html" }, { "name": "20071010 Vulnerabilities digest", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded" }, { "name": "26006", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26006" }, { "name": "27344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27344" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195503" }, { "name": "40478", "tags": [ "vdb-entry", 
"x_refsource_OSVDB" ], "url": "http://osvdb.org/40478" }, { "name": "3216", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3216" }, { "name": "tikiwiki-tikigraphformula-command-execution(37076)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37076" }, { "name": "20071011 Tikiwiki 1.9.8 exploit ITW", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/482128/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=546283\u0026group_id=64258" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/forum/forum.php?forum_id=744898" }, { "name": "4509", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/4509" }, { "name": "27190", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27190" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5423", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-200710-21", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-21.xml" }, { "name": "ADV-2007-3492", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3492" }, { "name": "http://securityvulns.ru/Sdocument162.html", "refsource": "MISC", "url": "http://securityvulns.ru/Sdocument162.html" }, { "name": "20071010 Vulnerabilities digest", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded" }, { "name": "26006", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26006" }, { "name": "27344", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27344" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=195503", "refsource": "MISC", "url": "http://bugs.gentoo.org/show_bug.cgi?id=195503" }, { "name": "40478", "refsource": "OSVDB", "url": "http://osvdb.org/40478" }, { "name": "3216", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3216" }, { "name": "tikiwiki-tikigraphformula-command-execution(37076)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37076" }, { "name": "20071011 Tikiwiki 1.9.8 exploit ITW", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482128/100/0/threaded" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=546283\u0026group_id=64258", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=546283\u0026group_id=64258" }, { "name": "http://sourceforge.net/forum/forum.php?forum_id=744898", "refsource": "CONFIRM", "url": "http://sourceforge.net/forum/forum.php?forum_id=744898" }, { "name": "4509", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4509" }, { "name": "27190", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/27190" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5423", "datePublished": "2007-10-12T23:00:00", "dateReserved": "2007-10-12T00:00:00", "dateUpdated": "2024-08-07T15:31:58.501Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1925
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/10100 | vdb-entry, x_refsource_BID | |
http://marc.info/?l=bugtraq&m=108180073206947&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/11344 | third-party-advisory, x_refsource_SECUNIA | |
http://tikiwiki.org/tiki-read_article.php?articleId=66 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15845 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:07:49.123Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "10100", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040411 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11344" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "name": "tikiwiki-sql-injection(15845)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15845" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-04-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "10100", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040411 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11344" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "name": "tikiwiki-sql-injection(15845)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15845" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1925", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) 
tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "10100", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10100" }, { "name": "20040411 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "name": "11344", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11344" }, { "name": "http://tikiwiki.org/tiki-read_article.php?articleId=66", "refsource": "CONFIRM", "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "name": "tikiwiki-sql-injection(15845)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15845" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1925", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:07:49.123Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2010-1133)
Published
2010-03-27 19:07
Modified
2024-11-21 01:13
Severity ?
Summary
Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 4.0 | |
tiki | tikiwiki_cms\/groupware | 4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "03BE8241-0A3F-48E5-9917-D22CC187F650", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC898854-88D0-44F7-A742-30956E99F879", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php." }, { "lang": "es", "value": "Multiples vulnerabilidades de inyecci\u00f3n SQL en TikiWiki CMS/Groupware v4.x anteriores a v4.2, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s vectores no especificados, probablemente relativo a (1) tiki-searchindex.php y (2) tiki-searchresults.php." 
} ], "id": "CVE-2010-1133", "lastModified": "2024-11-21T01:13:43.203", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-03-27T19:07:11.797", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/62800" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38896" }, { "source": "cve@mitre.org", "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25424" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25435" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/38608" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56769" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/62800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38896" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25435" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/38608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56769" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2010-4240)
Published
2019-10-28 15:15
Modified
2024-11-21 01:20
Severity ?
Summary
Tiki Wiki CMS Groupware 5.2 has XSS
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2010-4240 | Broken Link | |
secalert@redhat.com | https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt | Exploit, Third Party Advisory | |
secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2010-4240 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://www.openwall.com/lists/oss-security/2010/11/22/9 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2010-4240 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-4240 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2010/11/22/9 | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 5.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "395EC051-76D6-43AA-822D-4E3A65A714EC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tiki Wiki CMS Groupware 5.2 has XSS" }, { "lang": "es", "value": "Tiki Wiki CMS Groupware versi\u00f3n 5.2, tiene una vulnerabilidad de tipo XSS" } ], "id": "CVE-2010-4240", "lastModified": "2024-11-21T01:20:31.230", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-28T15:15:12.693", "references": [ { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2010-4240" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", 
"Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2010-4240" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2010-4240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2010-4240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2007-6528)
Published
2007-12-27 22:46
Modified
2024-11-21 00:40
Severity ?
Summary
Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * | |
tiki | tikiwiki_cms\/groupware | 1.6.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.2 | |
tiki | tikiwiki_cms\/groupware | 1.9.3 | |
tiki | tikiwiki_cms\/groupware | 1.9.4 | |
tiki | tikiwiki_cms\/groupware | 1.9.5 | |
tiki | tikiwiki_cms\/groupware | 1.9.6 | |
tiki | tikiwiki_cms\/groupware | 1.9.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1C5F236-CF41-4783-901B-E76F615E0F61", "versionEndIncluding": "1.9.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ADE04A29-E90B-41E1-A8B4-462B54C079B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2540703B-63B8-41F4-A17A-0274A7DE7E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1489E8DC-11E7-49A3-84FF-909954147D01", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "127349FA-B76D-402A-B688-F2F44024FA11", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "175D43FD-450F-443E-831B-B8091BE7054F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "2F437662-CD55-477B-9FEE-0CC4E6CB908D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "EB235741-1FDA-4C90-BD6A-22D18D57D240", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "62C09D81-AA53-4E82-BEA6-D321D95D2E0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en tiki-listmovies.php en TikiWiki versiones anteriores a 1.9.9 permite a atacantes remotos leer ficheros de su elecci\u00f3n mediante un .. (punto punto) y un nombre de fichero modificado en el par\u00e1metro movie." } ], "id": "CVE-2007-6528", "lastModified": "2024-11-21T00:40:22.253", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-12-27T22:46:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/41178" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28225" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28602" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200801-10.xml" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3484" }, { "source": "cve@mitre.org", "url": "http://tikiwiki.org/ReleaseProcess199" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/485482/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/27008" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200801-10.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3484" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tikiwiki.org/ReleaseProcess199" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485482/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/27008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4942" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2004-1924)
Published
2004-04-11 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php, (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * | |
tiki | tikiwiki_cms\/groupware | 1.6.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "10BE27BB-E5CF-4136-83D0-03A2BEBC10EB", "versionEndIncluding": "1.8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php." 
} ], "id": "CVE-2004-1924", "lastModified": "2024-11-20T23:52:04.260", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2004-04-11T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11344" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10100" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15846" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2019-15314)
Published
2019-08-22 13:15
Modified
2024-11-21 04:28
Severity ?
Summary
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://pastebin.com/wEM7rnG7 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://pastebin.com/wEM7rnG7 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 18.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:18.4:*:*:*:*:*:*:*", "matchCriteriaId": "A17AEAD5-51BA-43C7-A418-F1B42BAEAC0A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display\u0026fileId= URI." }, { "lang": "es", "value": "El archivo tiki/tiki-upload_file.php en Tiki versi\u00f3n 18.4, permite a atacantes remotos cargar c\u00f3digo JavaScript que es ejecutado al visitar un URI tiki/tiki-download_file.php?display\u0026fileId=." } ], "id": "CVE-2019-15314", "lastModified": "2024-11-21T04:28:25.913", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-22T13:15:13.013", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://pastebin.com/wEM7rnG7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://pastebin.com/wEM7rnG7" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-04-11 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * (up to and including 1.8.1) | |
tiki | tikiwiki_cms\/groupware | 1.6.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "10BE27BB-E5CF-4136-83D0-03A2BEBC10EB", "versionEndIncluding": "1.8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message." } ], "id": "CVE-2004-1923", "lastModified": "2024-11-20T23:52:04.110", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-04-11T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11344" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10100" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/15847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15847" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-26 18:46
Modified
2024-11-21 00:38
Severity ?
Summary
Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * (up to and including 1.9.8) | |
tiki | tikiwiki_cms\/groupware | 1.6.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc2 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc3 | |
tiki | tikiwiki_cms\/groupware | 1.9.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.2 | |
tiki | tikiwiki_cms\/groupware | 1.9.3 | |
tiki | tikiwiki_cms\/groupware | 1.9.4 | |
tiki | tikiwiki_cms\/groupware | 1.9.5 | |
tiki | tikiwiki_cms\/groupware | 1.9.6 | |
tiki | tikiwiki_cms\/groupware | 1.9.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1C5F236-CF41-4783-901B-E76F615E0F61", "versionEndIncluding": "1.9.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ADE04A29-E90B-41E1-A8B4-462B54C079B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2540703B-63B8-41F4-A17A-0274A7DE7E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1489E8DC-11E7-49A3-84FF-909954147D01", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "127349FA-B76D-402A-B688-F2F44024FA11", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "175D43FD-450F-443E-831B-B8091BE7054F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "2F437662-CD55-477B-9FEE-0CC4E6CB908D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "EB235741-1FDA-4C90-BD6A-22D18D57D240", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "62C09D81-AA53-4E82-BEA6-D321D95D2E0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423." }, { "lang": "es", "value": "Una vulnerabilidad de lista negra incompleta en el archivo tiki-graph_formula.php en TikiWiki versiones anteriores a 1.9.8.2, permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante el uso de funciones variables y variables variantes para escribir variables cuyos nombres coincidan con la lista blanca, una vulnerabilidad diferente de CVE-2007-5423." } ], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nTikiWiki, TikiWiki, 1.9.8.2", "id": "CVE-2007-5682", "lastModified": "2024-11-21T00:38:27.037", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-26T18:46:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/43610" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/482908" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26220" }, { "source": "cve@mitre.org", "url": "http://www.sektioneins.de/advisories/SE-2007-01.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/43610" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482908" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.sektioneins.de/advisories/SE-2007-01.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-08-13 01:41
Modified
2024-11-21 00:49
Severity ?
Summary
Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * (up to and including 1.9.9) | |
tiki | tikiwiki_cms\/groupware | 1.6.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc2 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc3 | |
tiki | tikiwiki_cms\/groupware | 1.9.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.2 | |
tiki | tikiwiki_cms\/groupware | 1.9.3 | |
tiki | tikiwiki_cms\/groupware | 1.9.4 | |
tiki | tikiwiki_cms\/groupware | 1.9.5 | |
tiki | tikiwiki_cms\/groupware | 1.9.6 | |
tiki | tikiwiki_cms\/groupware | 1.9.7 | |
tiki | tikiwiki_cms\/groupware | 1.9.8 | |
tiki | tikiwiki_cms\/groupware | 1.9.8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E2D7393-C196-4B8B-AC1D-8C082AFCF9D1", "versionEndIncluding": "1.9.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ADE04A29-E90B-41E1-A8B4-462B54C079B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2540703B-63B8-41F4-A17A-0274A7DE7E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1489E8DC-11E7-49A3-84FF-909954147D01", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "127349FA-B76D-402A-B688-F2F44024FA11", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "175D43FD-450F-443E-831B-B8091BE7054F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "2F437662-CD55-477B-9FEE-0CC4E6CB908D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "EB235741-1FDA-4C90-BD6A-22D18D57D240", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "62C09D81-AA53-4E82-BEA6-D321D95D2E0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "8CE1CDD1-27F1-456C-933E-24219E6190CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "50BC0034-F043-41EC-AF00-E3DC739A31F7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain \"path and PHP configuration\" via unknown vectors." }, { "lang": "es", "value": "Vulnerabilidad no especificada en TikiWiki CMS/Groupware antes de 2.0 permite a atacantes obtener \"la ruta y la configuraci\u00f3n PHP\" mediante vectores desconocidos." } ], "id": "CVE-2008-3654", "lastModified": "2024-11-21T00:49:47.663", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-08-13T01:41:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=35" }, { "source": "cve@mitre.org", "url": "http://tikiwiki.org/ReleaseNotes20" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44421" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://info.tikiwiki.org/tiki-read_article.php?articleId=35" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tikiwiki.org/ReleaseNotes20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44421" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-10-01 00:55
Modified
2024-11-21 01:32
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B46BEABB-4839-4D11-AF0C-E2E7CA5190BA", "versionEndIncluding": "8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A5160514-D8C3-458A-B3A6-24CD4FB96BD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "481CEC51-C828-4AB7-9745-824B5D529D40", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DD3F664D-C59E-4033-805B-BB3C85528091", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "457AEABE-F6C1-459A-883E-4D4F0DD8D441", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4401BA0E-5F63-405C-8C42-C2E1E4C45306", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "69930A94-2008-4259-B2BE-BD159B1FD6FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A4DB362-E012-4A97-8EA4-9589D2811C3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4:*:*:*:*:*:*:*", "matchCriteriaId": "4EC5B2D3-63D9-414D-92C2-4423CA525C22", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "03BE8241-0A3F-48E5-9917-D22CC187F650", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC898854-88D0-44F7-A742-30956E99F879", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "69CBF74D-A845-4461-8673-B3616339BD23", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "74F3472D-158E-439A-BBAA-9DB8677C97B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "197A8FDC-2474-4FB8-80E1-10A898D4CDCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "395EC051-76D6-43AA-822D-4E3A65A714EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "EC0F2A72-FF54-4CB6-8456-35AC90945720", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEA7EADB-82F1-4A28-8AF8-17F6BCFD4E23", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "72AE1516-6085-4505-93EF-AFC8B7FEB357", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "07C509BE-1B02-441E-9CA2-E568B39976DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "856C2298-D9AB-4947-B7A2-5457F7BA3BDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F91FDFE-D9F0-4839-B5A5-4F6400F2880A", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0FB6C008-CC5D-4EBF-A2DF-688840C45FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "5EB2F4E7-FC71-4DB5-BDC4-9069E20C5C9F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:-:lts:*:*:*:*:*", "matchCriteriaId": "F3237496-CE94-4CDC-B88A-F6C04F0063EC", "versionEndIncluding": "6.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] 
} ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en tiki-cookie-jar.php en TikiWiki CMS/Groupware, antes de v8.2 y LTS antes de v6.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de par\u00e1metros de su elecci\u00f3n." } ], "id": "CVE-2011-4551", "lastModified": "2024-11-21T01:32:31.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-10-01T00:55:00.853", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://info.tiki.org/article183-Tiki-Wiki-CMS-Groupware-8-2-and-6-5LTS-Security-Patches-Available" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/47278" }, { "source": "cve@mitre.org", "url": "http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-07.txt" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/77966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://info.tiki.org/article183-Tiki-Wiki-CMS-Groupware-8-2-and-6-5LTS-Security-Patches-Available" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/47278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-07.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/77966" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-13 22:07
Modified
2024-11-21 00:16
Severity ?
Summary
Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 1.9.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "175D43FD-450F-443E-831B-B8091BE7054F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en tiki-g-admin_processes.php en Tikiwiki 1.9.4 permiten a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante los par\u00e1metros (1) pid y (2) where." } ], "id": "CVE-2006-4734", "lastModified": "2024-11-21T00:16:38.387", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-13T22:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1544" }, { "source": "cve@mitre.org", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-g-admin_processes.php?view=log" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.hackers.ir/advisories/tikiwiki.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/445790/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": 
"http://www.securityfocus.com/bid/19947" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28869" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-g-admin_processes.php?view=log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.hackers.ir/advisories/tikiwiki.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/445790/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19947" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28869" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-26 13:29
Modified
2024-11-21 03:35
Severity ?
Summary
TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://sourceforge.net/p/tikiwiki/code/62386 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/tikiwiki/code/62386 | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 12.0 | |
tiki | tikiwiki_cms\/groupware | 12.1 | |
tiki | tikiwiki_cms\/groupware | 12.2 | |
tiki | tikiwiki_cms\/groupware | 12.3 | |
tiki | tikiwiki_cms\/groupware | 12.4 | |
tiki | tikiwiki_cms\/groupware | 12.5 | |
tiki | tikiwiki_cms\/groupware | 12.6 | |
tiki | tikiwiki_cms\/groupware | 12.7 | |
tiki | tikiwiki_cms\/groupware | 12.8 | |
tiki | tikiwiki_cms\/groupware | 12.9 | |
tiki | tikiwiki_cms\/groupware | 13.0 | |
tiki | tikiwiki_cms\/groupware | 13.1 | |
tiki | tikiwiki_cms\/groupware | 13.2 | |
tiki | tikiwiki_cms\/groupware | 14.0 | |
tiki | tikiwiki_cms\/groupware | 14.1 | |
tiki | tikiwiki_cms\/groupware | 15.0 | |
tiki | tikiwiki_cms\/groupware | 15.1 | |
tiki | tikiwiki_cms\/groupware | 15.2 | |
tiki | tikiwiki_cms\/groupware | 15.3 | |
tiki | tikiwiki_cms\/groupware | 15.4 | |
tiki | tikiwiki_cms\/groupware | 16.0 | |
tiki | tikiwiki_cms\/groupware | 16.1 | |
tiki | tikiwiki_cms\/groupware | 16.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7A6F598-D08E-4678-BDC8-ED54AC8CFD82", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "322FA36F-E1E4-4502-87E0-996109A62B71", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "9D47BD31-97FC-4852-88D1-8658AB4C42A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AE735FE-550A-4B8D-A5D1-7D75B03754E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.4:*:*:*:*:*:*:*", "matchCriteriaId": "BCEC2B4E-E288-4D5E-983F-6FD52F84635F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.5:*:*:*:*:*:*:*", "matchCriteriaId": "8A45E65C-6162-4640-9B6E-F684086C88BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.6:*:*:*:*:*:*:*", "matchCriteriaId": "D55AAF44-F281-4947-B077-ADDC11728036", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.7:*:*:*:*:*:*:*", "matchCriteriaId": "56F231E7-D1D8-4BD7-99F8-2289A88E7A5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.8:*:*:*:*:*:*:*", "matchCriteriaId": "A092086B-1CD1-422E-9A0F-87D2D04037A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.9:*:lts:*:*:*:*:*", "matchCriteriaId": "EA5ED475-1724-47C1-8827-1AC36BB98660", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B721A45-35FD-4F67-A60C-7F9FAA3EBA39", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "43BFF3E8-7D7E-439B-B174-D682A5AC0CBC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "C11FD38C-0344-45A4-8A26-5E95B26D006E", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "1152747A-9219-41B4-8F46-1664D51B2D16", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF977162-9267-4D3F-9B41-E5F11FC478CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "4FDC15BB-00E6-4540-8406-F0AA9C5E9178", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBC4E1B6-E1E9-41D6-98B0-F2976D408D8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "F88EB9F2-F9C5-4BB7-9C29-74049BB7C2DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.3:*:*:*:*:*:*:*", "matchCriteriaId": "5A81ABC2-AF3F-4E01-8E80-F1BEB21C807B", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.4:*:*:*:*:*:*:*", "matchCriteriaId": "D178BB1C-BFB8-4486-BD09-22063962634B", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "2CE0E547-2EF3-4FD8-BBC3-1EE0CFE505E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:16.1:*:*:*:*:*:*:*", "matchCriteriaId": "E45A2D67-4C6E-475F-8F03-00E31E2DCA06", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9FAA7AE-B0A7-4D61-AF86-0A09A3A20152", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS." 
}, { "lang": "es", "value": "TikiFilter.php en Tiki Wiki CMS Groupware de las versiones 12.x hasta las 16.x no valida correctamente los par\u00e1metros imgsize o lang para evitar Cross-Site Scripting (XSS)." } ], "id": "CVE-2017-9145", "lastModified": "2024-11-21T03:35:25.693", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-26T13:29:00.237", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/tikiwiki/code/62386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/tikiwiki/code/62386" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-28 15:15
Modified
2024-11-21 01:20
Severity ?
Summary
Tiki Wiki CMS Groupware 5.2 has a cross-site request forgery (CSRF) vulnerability.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2010-4241 | Broken Link | |
secalert@redhat.com | https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt | Exploit, Third Party Advisory | |
secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2010-4241 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://www.openwall.com/lists/oss-security/2010/11/22/9 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2010-4241 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-4241 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2010/11/22/9 | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 5.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "395EC051-76D6-43AA-822D-4E3A65A714EC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tiki Wiki CMS Groupware 5.2 has CSRF" }, { "lang": "es", "value": "Tiki Wiki CMS Groupware versi\u00f3n 5.2, tiene una vulnerabilidad de tipo CSRF" } ], "id": "CVE-2010-4241", "lastModified": "2024-11-21T01:20:31.343", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-28T15:15:12.817", "references": [ { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2010-4241" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt" }, { "source": "secalert@redhat.com", "tags": [ "Issue 
Tracking", "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2010-4241" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2010-4241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2010-4241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-12-03 18:30
Modified
2024-11-21 00:53
Severity ?
Summary
Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4003F93-8AE6-461B-BDB9-D55A1683B6B9", "versionEndIncluding": "1.6.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to \"size of user-provided input,\" a different issue than CVE-2008-3653." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Tikiwiki y versiones anteriores a 2.2, con desconocido impacto y vectores de ataque relativos al \"tama\u00f1o de entrada proporcionado por el usuario\", diferente vulnerabilidad que CVE-2008-3653." } ], "id": "CVE-2008-5318", "lastModified": "2024-11-21T00:53:49.037", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-12-03T18:30:00.477", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=41" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32341" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/50058" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/31857" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2889" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=41" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32341" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/50058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31857" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46029" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-03-27 19:07
Modified
2024-11-21 01:13
Severity ?
Summary
The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 4.0 | |
tiki | tikiwiki_cms\/groupware | 4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "03BE8241-0A3F-48E5-9917-D22CC187F650", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC898854-88D0-44F7-A742-30956E99F879", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse." }, { "lang": "es", "value": "La funci\u00f3n user_logout en TikiWiki CMS/Groupware v4.x anteriores a v4.2 no borra de forma adecuada las cookies de login del usuario, lo que permite a atacantes remotos obtener acceso a traves de reutilizar la cookie." } ], "id": "CVE-2010-1135", "lastModified": "2024-11-21T01:13:43.500", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-03-27T19:07:11.860", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38896" }, { "source": "cve@mitre.org", "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25046" }, { "source": "cve@mitre.org", 
"tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/38608" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38896" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/38608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56770" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-04-11 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * | |
tiki | tikiwiki_cms\/groupware | 1.6.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "10BE27BB-E5CF-4136-83D0-03A2BEBC10EB", "versionEndIncluding": "1.8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter." } ], "id": "CVE-2004-1927", "lastModified": "2024-11-20T23:52:04.713", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-04-11T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11344" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10100" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/15848" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15848" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-02-06 16:29
Modified
2024-11-21 02:57
Severity ?
Summary
Tiki Wiki CMS Groupware <=15.2 has an XSS vulnerability that allows attackers to steal a user's cookie.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F4C3F2A-DD24-4BAE-B6C4-E4EA76BD1BF8", "versionEndIncluding": "15.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "tiki wiki cms groupware \u003c=15.2 has a xss vulnerability, allow attackers steal user\u0027s cookie." }, { "lang": "es", "value": "tiki wiki cms groupware, en versiones iguales o anteriores a la 15.2, tiene una vulnerabilidad de XSS que permite que atacantes roben las cookies de los usuarios." } ], "id": "CVE-2016-7394", "lastModified": "2024-11-21T02:57:54.713", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-06T16:29:00.573", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://sourceforge.net/p/tikiwiki/code/59653/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Patch" ], "url": "https://sourceforge.net/p/tikiwiki/code/59653/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-10-28 20:15
Modified
2024-11-21 06:13
Severity ?
Summary
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/r0ck3t1973/xss_payload/issues/7 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/r0ck3t1973/xss_payload/issues/7 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 21.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:21.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F0B82A2-9FBD-4157-9961-2F3EC8C3F1B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module." }, { "lang": "es", "value": "Se ha detectado que TikiWiki versi\u00f3n v21.4 contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el componente tiki-calendar.php. Esta vulnerabilidad permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga \u00fatil dise\u00f1ada en el m\u00f3dulo Add Event" } ], "id": "CVE-2021-36551", "lastModified": "2024-11-21T06:13:49.393", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", 
"type": "Primary" } ] }, "published": "2021-10-28T20:15:07.627", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/r0ck3t1973/xss_payload/issues/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/r0ck3t1973/xss_payload/issues/7" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-26 18:46
Modified
2024-11-21 00:38
Severity ?
Summary
Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language parameter to tiki-imexport_languages.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * | |
tiki | tikiwiki_cms\/groupware | 1.6.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.2 | |
tiki | tikiwiki_cms\/groupware | 1.9.3 | |
tiki | tikiwiki_cms\/groupware | 1.9.4 | |
tiki | tikiwiki_cms\/groupware | 1.9.5 | |
tiki | tikiwiki_cms\/groupware | 1.9.6 | |
tiki | tikiwiki_cms\/groupware | 1.9.7 | |
tiki | tikiwiki_cms\/groupware | 1.9.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD2B821A-4879-423C-B2EF-811F1F0D3F90", "versionEndIncluding": "1.9.8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ADE04A29-E90B-41E1-A8B4-462B54C079B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2540703B-63B8-41F4-A17A-0274A7DE7E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1489E8DC-11E7-49A3-84FF-909954147D01", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "127349FA-B76D-402A-B688-F2F44024FA11", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "175D43FD-450F-443E-831B-B8091BE7054F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "2F437662-CD55-477B-9FEE-0CC4E6CB908D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "EB235741-1FDA-4C90-BD6A-22D18D57D240", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "62C09D81-AA53-4E82-BEA6-D321D95D2E0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "8CE1CDD1-27F1-456C-933E-24219E6190CC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded \"..%2F\" sequences in the imp_language parameter to tiki-imexport_languages.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de escalado de directorio en el TikiWiki 1.9.8.1 y versiones anteriores permiten a atacantes remotos incluir y ejecutar ficheros de su elecci\u00f3n a trav\u00e9s de un nombre de ruta absoluta en los par\u00e1metros (1) error_handler_file y (2) local_php en el a) tiki-index.php, o en las secuencias (3) codificadas \"..%2F\" en el par\u00e1metro imp_language del tiki-imexport_languages.php." 
} ], "id": "CVE-2007-5684", "lastModified": "2024-11-21T00:38:27.313", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-26T18:46:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482801/30/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482801/30/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-29 01:28
Modified
2024-11-21 00:22
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * | |
tiki | tikiwiki_cms\/groupware | 1.6.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.2 | |
tiki | tikiwiki_cms\/groupware | 1.9.3 | |
tiki | tikiwiki_cms\/groupware | 1.9.4 | |
tiki | tikiwiki_cms\/groupware | 1.9.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "255A9708-AA35-458B-8521-735D2AF7A637", "versionEndIncluding": "1.9.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ADE04A29-E90B-41E1-A8B4-462B54C079B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2540703B-63B8-41F4-A17A-0274A7DE7E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1489E8DC-11E7-49A3-84FF-909954147D01", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "127349FA-B76D-402A-B688-F2F44024FA11", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "175D43FD-450F-443E-831B-B8091BE7054F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "2F437662-CD55-477B-9FEE-0CC4E6CB908D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in 
TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tiki-setup_base.php en TikiWiki anterior a 1.9.7 permite a atacantes remotos inyectar c\u00f3digo JavaScript de su elecci\u00f3n mediante par\u00e1metros no especificados." } ], "id": "CVE-2006-6163", "lastModified": "2024-11-21T00:22:02.677", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-29T01:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50\u0026r2=1.157.2.51" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4709" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50\u0026r2=1.157.2.51" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4709" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-15 16:29
Modified
2024-11-21 04:02
Severity ?
Summary
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://blog.ripstech.com/2018/scan-verify-patch-security-issues-in-minutes/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blog.ripstech.com/2018/scan-verify-patch-security-issues-in-minutes/ | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C34714A-B9E0-4F2B-BE00-371F7158E64E", "versionEndExcluding": "17.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter." }, { "lang": "es", "value": "En Tiki en versiones anteriores a la 17.2, el componente \"user task\" es vulnerable a una inyecci\u00f3n SQL mediante el par\u00e1metro show_history en tiki-user_tasks.php." } ], "id": "CVE-2018-20719", "lastModified": "2024-11-21T04:02:01.660", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-15T16:29:00.710", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://blog.ripstech.com/2018/scan-verify-patch-security-issues-in-minutes/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blog.ripstech.com/2018/scan-verify-patch-security-issues-in-minutes/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-12-11 16:15
Modified
2024-11-21 05:23
Summary
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include allowing attackers to submit their own code through an authenticated user, resulting in local file inclusion. If an authenticated user who is able to edit TikiWiki templates visits a malicious website, template code can be edited.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/S1lkys/CVE-2020-29254 | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/S1lkys/CVE-2020-29254/blob/main/Tiki-Wiki%2021.2%20by%20Maximilian%20Barz.pdf | Exploit, Third Party Advisory | |
cve@mitre.org | https://youtu.be/Uc3sRBitu50 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/S1lkys/CVE-2020-29254 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/S1lkys/CVE-2020-29254/blob/main/Tiki-Wiki%2021.2%20by%20Maximilian%20Barz.pdf | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://youtu.be/Uc3sRBitu50 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 21.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:21.2:*:*:*:*:*:*:*", "matchCriteriaId": "B32B6D73-E687-4118-8865-51DAF0CAA7A7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These action include allowing attackers to submit their own code through an authenticated user resulting in local file Inclusion. If an authenticated user who is able to edit TikiWiki templates visits an malicious website, template code can be edited." 
}, { "lang": "es", "value": "TikiWiki versi\u00f3n 21.2, permite plantillas para ser editadas sin protecci\u00f3n de tipo CSRF.\u0026#xa0;Esto podr\u00eda permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site request forgery (CSRF) y llevar a cabo unas protecciones CSRF insuficientes para la interfaz de administraci\u00f3n basada en web del sistema afectado.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad al persuadir a un usuario de la interfaz a seguir un v\u00ednculo dise\u00f1ado maliciosamente.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante llevar a cabo acciones arbitrarias en un sistema afectado con los privilegios del usuario.\u0026#xa0;Estas acciones incluyen permitir a atacantes enviar su propio c\u00f3digo por medio de un usuario autenticado, resultando una inclusi\u00f3n de archivo local.\u0026#xa0;Si un usuario autenticado que es capaz de editar las plantillas TikiWiki visita un sitio web malicioso, el c\u00f3digo de la plantilla puede ser editado" } ], "id": "CVE-2020-29254", "lastModified": "2024-11-21T05:23:50.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": 
"REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-11T16:15:12.227", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/S1lkys/CVE-2020-29254" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/S1lkys/CVE-2020-29254/blob/main/Tiki-Wiki%2021.2%20by%20Maximilian%20Barz.pdf" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://youtu.be/Uc3sRBitu50" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/S1lkys/CVE-2020-29254" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/S1lkys/CVE-2020-29254/blob/main/Tiki-Wiki%2021.2%20by%20Maximilian%20Barz.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://youtu.be/Uc3sRBitu50" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-05-31 04:29
Modified
2024-11-21 03:35
Summary
lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/tikiorg/tiki/commit/6c016e8f066d2f404b18eaa1af7fa0c7a9651ccd | Patch, Vendor Advisory | |
cve@mitre.org | https://www.cdxy.me/?p=763 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tikiorg/tiki/commit/6c016e8f066d2f404b18eaa1af7fa0c7a9651ccd | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.cdxy.me/?p=763 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 16.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9FAA7AE-B0A7-4D61-AF86-0A09A3A20152", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php." }, { "lang": "es", "value": "lib/core /TikiFilter/PreventXss.php en Tiki Wiki CMS Groupware 16.2 permitir\u00eda a un atacante remoto pasar por alto el filtro XSS a trav\u00e9s de caracteres de relleno cero, como lo demuestra un ataque a tiki-batch_send_newsletter.php." } ], "id": "CVE-2017-9305", "lastModified": "2024-11-21T03:35:48.177", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-31T04:29:00.303", "references": [ { "source": 
"cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/tikiorg/tiki/commit/6c016e8f066d2f404b18eaa1af7fa0c7a9651ccd" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.cdxy.me/?p=763" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/tikiorg/tiki/commit/6c016e8f066d2f404b18eaa1af7fa0c7a9651ccd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.cdxy.me/?p=763" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-30 01:29
Modified
2024-11-21 03:13
Summary
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://openwall.com/lists/oss-security/2017/09/28/13 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://sourceforge.net/p/tikiwiki/code/63829 | Patch, Third Party Advisory | |
cve@mitre.org | https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released | Patch, Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/09/28/13 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/tikiwiki/code/63829 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released | Patch, Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 12.0 | |
tiki | tikiwiki_cms\/groupware | 12.1 | |
tiki | tikiwiki_cms\/groupware | 12.2 | |
tiki | tikiwiki_cms\/groupware | 12.3 | |
tiki | tikiwiki_cms\/groupware | 12.4 | |
tiki | tikiwiki_cms\/groupware | 12.5 | |
tiki | tikiwiki_cms\/groupware | 12.6 | |
tiki | tikiwiki_cms\/groupware | 12.7 | |
tiki | tikiwiki_cms\/groupware | 12.8 | |
tiki | tikiwiki_cms\/groupware | 12.9 | |
tiki | tikiwiki_cms\/groupware | 12.10 | |
tiki | tikiwiki_cms\/groupware | 12.11 | |
tiki | tikiwiki_cms\/groupware | 15.0 | |
tiki | tikiwiki_cms\/groupware | 15.1 | |
tiki | tikiwiki_cms\/groupware | 15.2 | |
tiki | tikiwiki_cms\/groupware | 15.3 | |
tiki | tikiwiki_cms\/groupware | 15.4 | |
tiki | tikiwiki_cms\/groupware | 16.0 | |
tiki | tikiwiki_cms\/groupware | 16.1 | |
tiki | tikiwiki_cms\/groupware | 16.2 | |
tiki | tikiwiki_cms\/groupware | 17.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.0:*:*:*:lts:*:*:*", "matchCriteriaId": "B9B11DE8-D769-4368-9673-557806FF3CBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.1:*:*:*:lts:*:*:*", "matchCriteriaId": "9D8C7315-9B1C-4472-986B-70059DB85B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.2:*:*:*:lts:*:*:*", "matchCriteriaId": "8AC641D2-9F5E-48A1-A9E9-999543F894FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.3:*:*:*:lts:*:*:*", "matchCriteriaId": "EF4E2F18-2B2D-49CF-8921-E7B0C18072EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.4:*:*:*:lts:*:*:*", "matchCriteriaId": "8BD002F1-AA90-49A4-8604-FFE0BB081AE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.5:*:*:*:lts:*:*:*", "matchCriteriaId": "E1B61E9C-A2C8-4109-B772-45C01545F362", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.6:*:*:*:lts:*:*:*", "matchCriteriaId": "0E4FE121-C76E-48AA-8BC6-E15264BDD182", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.7:*:*:*:lts:*:*:*", "matchCriteriaId": "E5488F9D-638A-48C4-8BFA-B8DF98C4FD68", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.8:*:*:*:lts:*:*:*", "matchCriteriaId": "D01D66A8-D33F-4C1A-AEE3-9B12EB95A915", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.9:*:*:*:lts:*:*:*", "matchCriteriaId": "5F8AF787-295B-4B68-9403-ECDC04C3DFE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.10:*:*:*:lts:*:*:*", "matchCriteriaId": "9CB17964-F2C6-4BC7-9706-00827975EAF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.11:*:*:*:lts:*:*:*", "matchCriteriaId": "7E00FFA9-DF8F-4CAE-BBD4-7D20167A1C47", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.0:*:*:*:lts:*:*:*", "matchCriteriaId": "76F00805-C136-4C4E-90B2-25AC35861D04", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.1:*:*:*:lts:*:*:*", "matchCriteriaId": "76FAB03D-EF3F-4F78-B4B8-0E067098C478", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.2:*:*:*:lts:*:*:*", "matchCriteriaId": "CB47183C-0A64-476C-A8EE-4530C223C053", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.3:*:*:*:lts:*:*:*", "matchCriteriaId": "942B0F1F-736A-4295-B82F-31EDA5C53FC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.4:*:*:*:lts:*:*:*", "matchCriteriaId": "166BA1B9-2A83-4BDA-B48F-9912A244D027", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "2CE0E547-2EF3-4FD8-BBC3-1EE0CFE505E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:16.1:*:*:*:*:*:*:*", "matchCriteriaId": "E45A2D67-4C6E-475F-8F03-00E31E2DCA06", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9FAA7AE-B0A7-4D61-AF86-0A09A3A20152", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:17.0:*:*:*:*:*:*:*", "matchCriteriaId": "B93FE186-2879-4ABF-BCC4-27C406C92EED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php." 
}, { "lang": "es", "value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) mediante un elemento IMG en Tiki en versiones anteriores a 16.3, las versiones 17.x anteriores a 17.1, 12 LTS anteriores a 12.12 LTS y 15 LTS en versiones anteriores a la 15.5 LTS permite que un usuario autenticado obtenga privilegios de administrador si un administrador abre una p\u00e1gina de wiki con un elemento IMG. Esto se relaciona con tiki-assignuser.php." } ], "id": "CVE-2017-14924", "lastModified": "2024-11-21T03:13:46.237", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-30T01:29:02.037", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2017/09/28/13" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/tikiwiki/code/63829" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor 
Advisory" ], "url": "https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2017/09/28/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/tikiwiki/code/63829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-29 01:28
Modified
2024-11-21 00:22
Summary
Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 1.9.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "EB235741-1FDA-4C90-BD6A-22D18D57D240", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tiki-edit_structures.php en el TikiWiki 1.9.6 permite a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n mediante el par\u00e1metro pageAlias. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles se obtienen solamente a partir de la informaci\u00f3n de terceros." 
} ], "id": "CVE-2006-6162", "lastModified": "2024-11-21T00:22:02.503", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-29T01:28:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22850" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30692" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/21297" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4709" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22850" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30692" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/21297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4709" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-03-27 19:07
Modified
2024-11-21 01:13
Summary
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 3.0 | |
tiki | tikiwiki_cms\/groupware | 3.1 | |
tiki | tikiwiki_cms\/groupware | 3.2 | |
tiki | tikiwiki_cms\/groupware | 3.3 | |
tiki | tikiwiki_cms\/groupware | 3.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "481CEC51-C828-4AB7-9745-824B5D529D40", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DD3F664D-C59E-4033-805B-BB3C85528091", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "457AEABE-F6C1-459A-883E-4D4F0DD8D441", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4401BA0E-5F63-405C-8C42-C2E1E4C45306", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "69930A94-2008-4259-B2BE-BD159B1FD6FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to \"persistent login,\" probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php." }, { "lang": "es", "value": "El m\u00e9todo Standard Remember en TikiWiki CMS/Groupware 3v.x anteriores a v3.5 permite a atacantes remotos saltarse las restriccines de acceso relativas a \"persistent login\", probablemente a trav\u00e9s de la generaci\u00f3n de cookies predecibles basadas en la direcci\u00f3n IP a el agente User sobre userslib.php." 
} ], "id": "CVE-2010-1136", "lastModified": "2024-11-21T01:13:43.643", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-03-27T19:07:11.890", "references": [ { "source": "cve@mitre.org", "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/62801" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38882" }, { "source": "cve@mitre.org", "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196\u0026r2=25195\u0026pathrev=25196" }, { "source": "cve@mitre.org", "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25196" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/38608" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/62801" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196\u0026r2=25195\u0026pathrev=25196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/38608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56771" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-11-06 15:55
Modified
2024-11-21 01:56
Summary
Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 6.8 | |
tiki | tikiwiki_cms\/groupware | 6.9 | |
tiki | tikiwiki_cms\/groupware | 6.10 | |
tiki | tikiwiki_cms\/groupware | 6.11 | |
tiki | tikiwiki_cms\/groupware | 6.12 | |
tiki | tikiwiki_cms\/groupware | 9.0 | |
tiki | tikiwiki_cms\/groupware | 9.0 | |
tiki | tikiwiki_cms\/groupware | 9.0 | |
tiki | tikiwiki_cms\/groupware | 9.0 | |
tiki | tikiwiki_cms\/groupware | 9.1 | |
tiki | tikiwiki_cms\/groupware | 9.2 | |
tiki | tikiwiki_cms\/groupware | 9.2 | |
tiki | tikiwiki_cms\/groupware | 9.3 | |
tiki | tikiwiki_cms\/groupware | 9.4 | |
tiki | tikiwiki_cms\/groupware | 9.5 | |
tiki | tikiwiki_cms\/groupware | 9.6 | |
tiki | tikiwiki_cms\/groupware | 10.0 | |
tiki | tikiwiki_cms\/groupware | 10.0 | |
tiki | tikiwiki_cms\/groupware | 10.0 | |
tiki | tikiwiki_cms\/groupware | 10.1 | |
tiki | tikiwiki_cms\/groupware | 10.2 | |
tiki | tikiwiki_cms\/groupware | 10.3 | |
tiki | tikiwiki_cms\/groupware | 11.0 | |
tiki | tikiwiki_cms\/groupware | 11.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.8:-:lts:*:*:*:*:*", "matchCriteriaId": "673A659F-B843-480D-83AB-C762A14A9CE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.9:-:lts:*:*:*:*:*", "matchCriteriaId": "120FCD3A-F2B6-4FA4-813D-86582005AF0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.10:-:lts:*:*:*:*:*", "matchCriteriaId": "D95B1ADB-A1B7-487C-9F16-EE59ADFDE2F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.11:-:lts:*:*:*:*:*", "matchCriteriaId": "DBFB9525-CF5A-4E68-A7C9-7E3E41926AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.12:-:lts:*:*:*:*:*", "matchCriteriaId": "8E51032C-F31F-4164-980D-6D5D3794F92B", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.0:-:lts:*:*:*:*:*", "matchCriteriaId": "68224364-8C2A-49EA-9699-DC25D442C740", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.0:alpha:lts:*:*:*:*:*", "matchCriteriaId": "A61EF962-848E-40BA-B91A-00118760E4AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.0:beta:lts:*:*:*:*:*", "matchCriteriaId": "3ED7B1F4-35AF-4620-A000-63010838C253", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.0:beta2:lts:*:*:*:*:*", "matchCriteriaId": "1061E898-85F8-40DC-83A1-978B22EBDE3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.1:-:lts:*:*:*:*:*", "matchCriteriaId": "36855536-80A2-4DA3-A1F1-294534D3CBB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.2:-:lts:*:*:*:*:*", "matchCriteriaId": "41241234-0D3B-4A21-8DDE-DF13531737DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.2:beta1:lts:*:*:*:*:*", "matchCriteriaId": "757E5585-B4CD-4B72-86D7-C3ED1E4210F9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.3:-:lts:*:*:*:*:*", "matchCriteriaId": "968103DF-4FED-4B79-9470-85D0EFF46C26", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.4:-:lts:*:*:*:*:*", "matchCriteriaId": "A17C32D6-3AD0-47B9-A535-F45AF36DBB77", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.5:-:lts:*:*:*:*:*", "matchCriteriaId": "D0E5E8F4-4BEE-44BC-8DCC-CC0C8E7B7D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.6:-:lts:*:*:*:*:*", "matchCriteriaId": "9FA3D2C3-0787-48BB-BD2C-90082B56E399", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "26BC8370-486A-4CDD-89FA-0A154DAA4350", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:10.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "111106F2-2985-4E57-A136-59FC0685F553", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:10.0:beta:*:*:*:*:*:*", "matchCriteriaId": "41F4F831-07B8-4750-9C99-6FDE291E2106", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "996A3D2F-80FA-4D92-B990-E39A90107E42", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "959E9B5C-9D7C-4EAD-8FE6-1D8B165BBEBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB0B836D-5D99-48FF-A099-A39FFFD79507", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "30D43901-AC30-4EE7-9E60-374EAB7A70E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:11.0:beta:*:*:*:*:*:*", "matchCriteriaId": "DFCBEC25-6DA1-47E7-803E-199117BC6987", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site 
scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad Cross-site scripting (XSS) en Tiki Wiki CMS Groupware 6 LTS antes 6.13LTS, 9 LTS antes 9.7LTS, 10.x antes de 10.4, 11.x anterior a 11.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados ." } ], "id": "CVE-2013-4714", "lastModified": "2024-11-21T01:56:07.500", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-11-06T15:55:06.407", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://info.tiki.org/article221-New-Versions-of-all-supported-versions-of-Tiki-Wiki-CMS-Groupware" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN81813850/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://info.tiki.org/article221-New-Versions-of-all-supported-versions-of-Tiki-Wiki-CMS-Groupware" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN81813850/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000099" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-04-12 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * | |
tiki | tikiwiki_cms\/groupware | 1.6.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "10BE27BB-E5CF-4136-83D0-03A2BEBC10EB", "versionEndIncluding": "1.8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL." } ], "id": "CVE-2004-1928", "lastModified": "2024-11-20T23:52:04.863", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-04-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11344" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10100" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15849" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15849" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-01 01:30
Modified
2024-11-21 01:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 2.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A5160514-D8C3-458A-B3A6-24CD4FB96BD2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en TikiWiki (Tiki) CMS/Groupware v2.2 permite a atacantes remotos inyectar web script o HTML a trav\u00e9s de la parte PHP_SELF de una URI de (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, y (4) tiki-orphan_pages.php." } ], "id": "CVE-2009-1204", "lastModified": "2024-11-21T01:01:54.257", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-04-01T01:30:00.483", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=2359\u0026trackerId=5\u0026show=view\u0026reloff=3\u0026cant=1229\u0026status=o\u0026trackerId=5\u0026sort_mode=created_desc" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"http://info.tikiwiki.org/tiki-read_article.php?articleId=51" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34273" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/501702/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/34105" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/34106" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/34107" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/34108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=2359\u0026trackerId=5\u0026show=view\u0026reloff=3\u0026cant=1229\u0026status=o\u0026trackerId=5\u0026sort_mode=created_desc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=51" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34273" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/501702/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/34105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/34106" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/34107" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/34108" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-28 15:15
Modified
2024-11-21 01:20
Severity ?
Summary
Tiki Wiki CMS Groupware 5.2 has a local file inclusion (LFI) vulnerability.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2010-4239 | Broken Link | |
secalert@redhat.com | https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt | Exploit, Third Party Advisory | |
secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2010-4239 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://www.openwall.com/lists/oss-security/2010/11/22/9 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2010-4239 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-4239 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2010/11/22/9 | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 5.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "395EC051-76D6-43AA-822D-4E3A65A714EC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tiki Wiki CMS Groupware 5.2 has Local File Inclusion" }, { "lang": "es", "value": "Tiki Wiki CMS Groupware versi\u00f3n 5.2, tiene una Inclusi\u00f3n de Archivos Local." } ], "id": "CVE-2010-4239", "lastModified": "2024-11-21T01:20:31.117", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-28T15:15:12.583", "references": [ { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2010-4239" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt" }, { "source": "secalert@redhat.com", 
"tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2010-4239" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2010-4239" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2010-4239" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2010/11/22/9" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-30 10:02
Modified
2024-11-21 00:11
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) "Assign new module" and (16) "Create new user module" in (k) tiki-admin_modules.php, (17) an unspecified field in "Add notification" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in "Create new template" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.2 | |
tiki | tikiwiki_cms\/groupware | 1.9.3 | |
tiki | tikiwiki_cms\/groupware | 1.9.3.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.3.2 | |
tiki | tikiwiki_cms\/groupware | 1.9.4 | |
tiki | tikiwiki_cms\/groupware | 1.9.5 | |
tiki | tikiwiki_cms\/groupware | 1.9.6 | |
tiki | tikiwiki_cms\/groupware | 1.9.7 | |
tiki | tikiwiki_cms\/groupware | 1.9.8 | |
tiki | tikiwiki_cms\/groupware | 1.9.8.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.9 | |
tiki | tikiwiki_cms\/groupware | 1.9.10 | |
tiki | tikiwiki_cms\/groupware | 1.9.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ADE04A29-E90B-41E1-A8B4-462B54C079B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2540703B-63B8-41F4-A17A-0274A7DE7E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1489E8DC-11E7-49A3-84FF-909954147D01", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "127349FA-B76D-402A-B688-F2F44024FA11", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9A2EA0C8-D400-4981-9675-6A02184117C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "ECB1097C-612D-445C-AB29-DD2C6F21174C", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "175D43FD-450F-443E-831B-B8091BE7054F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "2F437662-CD55-477B-9FEE-0CC4E6CB908D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "EB235741-1FDA-4C90-BD6A-22D18D57D240", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "62C09D81-AA53-4E82-BEA6-D321D95D2E0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "8CE1CDD1-27F1-456C-933E-24219E6190CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "50BC0034-F043-41EC-AF00-E3DC739A31F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "85FFFB16-913A-49F4-8AEA-A104EC1D8BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "545E77A4-B1E2-43FB-93A9-2BDCD71E809D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "306F2A3B-EFFE-49E1-95BC-19F688830DBE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as \"\u003cscr\u003cscript\u003eipt\u003e\" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) 
tiki-admin_hotwords.php, unspecified fields in (15) \"Assign new module\" and (16) \"Create new user module\" in (k) tiki-admin_modules.php, (17) an unspecified field in \"Add notification\" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in \"Create new template\" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php." } ], "id": "CVE-2006-2635", "lastModified": "2024-11-21T00:11:42.817", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-05-30T10:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20334" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/976" }, { "source": "cve@mitre.org", "url": "http://tikiwiki.org/tiki-read_article.php?articleId=131" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26048" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26049" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26050" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26051" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26052" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26053" }, { 
"source": "cve@mitre.org", "url": "http://www.osvdb.org/26054" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26055" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26056" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26057" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26058" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26059" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26060" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26061" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26062" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/435127/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/436432/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18143" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/976" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tikiwiki.org/tiki-read_article.php?articleId=131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26053" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26056" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26060" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26062" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/435127/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/436432/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/18143" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2024" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-11-06 15:55
Modified
2024-11-21 01:56
Severity ?
Summary
SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 6.8 | |
tiki | tikiwiki_cms\/groupware | 6.9 | |
tiki | tikiwiki_cms\/groupware | 6.10 | |
tiki | tikiwiki_cms\/groupware | 6.11 | |
tiki | tikiwiki_cms\/groupware | 6.12 | |
tiki | tikiwiki_cms\/groupware | 9.0 | |
tiki | tikiwiki_cms\/groupware | 9.0 | |
tiki | tikiwiki_cms\/groupware | 9.0 | |
tiki | tikiwiki_cms\/groupware | 9.0 | |
tiki | tikiwiki_cms\/groupware | 9.1 | |
tiki | tikiwiki_cms\/groupware | 9.2 | |
tiki | tikiwiki_cms\/groupware | 9.2 | |
tiki | tikiwiki_cms\/groupware | 9.3 | |
tiki | tikiwiki_cms\/groupware | 9.4 | |
tiki | tikiwiki_cms\/groupware | 9.5 | |
tiki | tikiwiki_cms\/groupware | 9.6 | |
tiki | tikiwiki_cms\/groupware | 10.0 | |
tiki | tikiwiki_cms\/groupware | 10.0 | |
tiki | tikiwiki_cms\/groupware | 10.0 | |
tiki | tikiwiki_cms\/groupware | 10.1 | |
tiki | tikiwiki_cms\/groupware | 10.2 | |
tiki | tikiwiki_cms\/groupware | 10.3 | |
tiki | tikiwiki_cms\/groupware | 11.0 | |
tiki | tikiwiki_cms\/groupware | 11.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.8:-:lts:*:*:*:*:*", "matchCriteriaId": "673A659F-B843-480D-83AB-C762A14A9CE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.9:-:lts:*:*:*:*:*", "matchCriteriaId": "120FCD3A-F2B6-4FA4-813D-86582005AF0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.10:-:lts:*:*:*:*:*", "matchCriteriaId": "D95B1ADB-A1B7-487C-9F16-EE59ADFDE2F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.11:-:lts:*:*:*:*:*", "matchCriteriaId": "DBFB9525-CF5A-4E68-A7C9-7E3E41926AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.12:-:lts:*:*:*:*:*", "matchCriteriaId": "8E51032C-F31F-4164-980D-6D5D3794F92B", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.0:-:lts:*:*:*:*:*", "matchCriteriaId": "68224364-8C2A-49EA-9699-DC25D442C740", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.0:alpha:lts:*:*:*:*:*", "matchCriteriaId": "A61EF962-848E-40BA-B91A-00118760E4AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.0:beta:lts:*:*:*:*:*", "matchCriteriaId": "3ED7B1F4-35AF-4620-A000-63010838C253", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.0:beta2:lts:*:*:*:*:*", "matchCriteriaId": "1061E898-85F8-40DC-83A1-978B22EBDE3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.1:-:lts:*:*:*:*:*", "matchCriteriaId": "36855536-80A2-4DA3-A1F1-294534D3CBB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.2:-:lts:*:*:*:*:*", "matchCriteriaId": "41241234-0D3B-4A21-8DDE-DF13531737DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.2:beta1:lts:*:*:*:*:*", "matchCriteriaId": "757E5585-B4CD-4B72-86D7-C3ED1E4210F9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.3:-:lts:*:*:*:*:*", "matchCriteriaId": "968103DF-4FED-4B79-9470-85D0EFF46C26", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.4:-:lts:*:*:*:*:*", "matchCriteriaId": "A17C32D6-3AD0-47B9-A535-F45AF36DBB77", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.5:-:lts:*:*:*:*:*", "matchCriteriaId": "D0E5E8F4-4BEE-44BC-8DCC-CC0C8E7B7D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:9.6:-:lts:*:*:*:*:*", "matchCriteriaId": "9FA3D2C3-0787-48BB-BD2C-90082B56E399", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "26BC8370-486A-4CDD-89FA-0A154DAA4350", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:10.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "111106F2-2985-4E57-A136-59FC0685F553", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:10.0:beta:*:*:*:*:*:*", "matchCriteriaId": "41F4F831-07B8-4750-9C99-6FDE291E2106", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "996A3D2F-80FA-4D92-B990-E39A90107E42", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "959E9B5C-9D7C-4EAD-8FE6-1D8B165BBEBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB0B836D-5D99-48FF-A099-A39FFFD79507", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "30D43901-AC30-4EE7-9E60-374EAB7A70E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:11.0:beta:*:*:*:*:*:*", "matchCriteriaId": "DFCBEC25-6DA1-47E7-803E-199117BC6987", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL 
injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en Tiki Wiki CMS Groupware 6 LTS anterior a 6.13LTS, 9 LTS anterior 9.7LTS, 10.x anterior a 10.4, 11.x anterior a 11.1 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2013-4715", "lastModified": "2024-11-21T01:56:07.603", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-11-06T15:55:06.453", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://info.tiki.org/article221-New-Versions-of-all-supported-versions-of-Tiki-Wiki-CMS-Groupware" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN75720314/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://info.tiki.org/article221-New-Versions-of-all-supported-versions-of-Tiki-Wiki-CMS-Groupware" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN75720314/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000100" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-23 05:59
Modified
2024-11-21 03:01
Severity ?
Summary
Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.php and article_image.php. The impact is XSS.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/95083 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1037531 | ||
cve@mitre.org | https://tiki.org/article443-Security-update-Tiki-16-1-Tiki-15-3-and-Tiki-12-10-released | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95083 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037531 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://tiki.org/article443-Security-update-Tiki-16-1-Tiki-15-3-and-Tiki-12-10-released | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 12.0 | |
tiki | tikiwiki_cms\/groupware | 12.1 | |
tiki | tikiwiki_cms\/groupware | 12.2 | |
tiki | tikiwiki_cms\/groupware | 12.3 | |
tiki | tikiwiki_cms\/groupware | 12.4 | |
tiki | tikiwiki_cms\/groupware | 12.5 | |
tiki | tikiwiki_cms\/groupware | 12.6 | |
tiki | tikiwiki_cms\/groupware | 12.7 | |
tiki | tikiwiki_cms\/groupware | 12.8 | |
tiki | tikiwiki_cms\/groupware | 12.9 | |
tiki | tikiwiki_cms\/groupware | 15.0 | |
tiki | tikiwiki_cms\/groupware | 15.1 | |
tiki | tikiwiki_cms\/groupware | 15.2 | |
tiki | tikiwiki_cms\/groupware | 16.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7A6F598-D08E-4678-BDC8-ED54AC8CFD82", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "322FA36F-E1E4-4502-87E0-996109A62B71", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "9D47BD31-97FC-4852-88D1-8658AB4C42A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "0AE735FE-550A-4B8D-A5D1-7D75B03754E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.4:*:*:*:*:*:*:*", "matchCriteriaId": "BCEC2B4E-E288-4D5E-983F-6FD52F84635F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.5:*:*:*:*:*:*:*", "matchCriteriaId": "8A45E65C-6162-4640-9B6E-F684086C88BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.6:*:*:*:*:*:*:*", "matchCriteriaId": "D55AAF44-F281-4947-B077-ADDC11728036", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.7:*:*:*:*:*:*:*", "matchCriteriaId": "56F231E7-D1D8-4BD7-99F8-2289A88E7A5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.8:*:*:*:*:*:*:*", "matchCriteriaId": "A092086B-1CD1-422E-9A0F-87D2D04037A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.9:*:lts:*:*:*:*:*", "matchCriteriaId": "EA5ED475-1724-47C1-8827-1AC36BB98660", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "4FDC15BB-00E6-4540-8406-F0AA9C5E9178", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBC4E1B6-E1E9-41D6-98B0-F2976D408D8F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "F88EB9F2-F9C5-4BB7-9C29-74049BB7C2DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "2CE0E547-2EF3-4FD8-BBC3-1EE0CFE505E1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don\u0027t have the input sanitized, related to tiki-setup.php and article_image.php. The impact is XSS." }, { "lang": "es", "value": "Algunas formas con el par\u00e1metro geo_zoomlevel_to_found_location en Tiki Wiki CMS 12.x en versiones anteriores a 12.10 LTS, 15.x en versiones anteriores a 15.3 LTS y 16.x en versiones anteriores a 16.1 no tienen la entrada desinfectada, relacionada con tiki-setup.php y article_image.php. El impacto es XSS" } ], "id": "CVE-2016-9889", "lastModified": "2024-11-21T03:01:57.157", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-23T05:59:00.720", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95083" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1037531" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://tiki.org/article443-Security-update-Tiki-16-1-Tiki-15-3-and-Tiki-12-10-released" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037531" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://tiki.org/article443-Security-update-Tiki-16-1-Tiki-15-3-and-Tiki-12-10-released" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-12-27 22:46
Modified
2024-11-21 00:40
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * (up to and including 1.9.8) | |
tiki | tikiwiki_cms\/groupware | 1.6.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc2 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc3 | |
tiki | tikiwiki_cms\/groupware | 1.9.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.2 | |
tiki | tikiwiki_cms\/groupware | 1.9.3 | |
tiki | tikiwiki_cms\/groupware | 1.9.4 | |
tiki | tikiwiki_cms\/groupware | 1.9.5 | |
tiki | tikiwiki_cms\/groupware | 1.9.6 | |
tiki | tikiwiki_cms\/groupware | 1.9.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1C5F236-CF41-4783-901B-E76F615E0F61", "versionEndIncluding": "1.9.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ADE04A29-E90B-41E1-A8B4-462B54C079B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2540703B-63B8-41F4-A17A-0274A7DE7E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1489E8DC-11E7-49A3-84FF-909954147D01", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "127349FA-B76D-402A-B688-F2F44024FA11", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "175D43FD-450F-443E-831B-B8091BE7054F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "2F437662-CD55-477B-9FEE-0CC4E6CB908D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "EB235741-1FDA-4C90-BD6A-22D18D57D240", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "62C09D81-AA53-4E82-BEA6-D321D95D2E0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter." }, { "lang": "es", "value": "Vulnerabilidad de comandos en sitios cruzados (XSS), en el archivo tiki-special_chars.php de TikiWiki, en versiones anteriores a la 1.9.9. Permite que atacantes remotos injecten, a su elecci\u00f3n, c\u00f3digos web o HTML, a trav\u00e9s del par\u00e1metro area_name." } ], "id": "CVE-2007-6526", "lastModified": "2024-11-21T00:40:21.973", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-12-27T22:46:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/41179" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28225" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28602" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200801-10.xml" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3483" }, { "source": "cve@mitre.org", "url": "http://tikiwiki.org/ReleaseProcess199" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"http://www.h-labs.org/blog/2007/12/24/tikiwiki_1_9_8_3_tiki_special_chars_php_xss_vulnerability.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/485483/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/27004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41179" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200801-10.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3483" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tikiwiki.org/ReleaseProcess199" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.h-labs.org/blog/2007/12/24/tikiwiki_1_9_8_3_tiki_special_chars_php_xss_vulnerability.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485483/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/27004" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-10-28 20:15
Modified
2024-11-21 06:13
Severity ?
Summary
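TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module. The CVSS vectors in this record (PR:L, UI:R) indicate that the attacker needs an authenticated low-privilege account and that a victim must interact with the injected content. The record lists only 21.4 as affected and cites no vendor advisory or patch reference, so confirm the fix status of other releases with the vendor.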
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/r0ck3t1973/xss_payload/issues/6 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/r0ck3t1973/xss_payload/issues/6 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 21.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:21.4:*:*:*:*:*:*:*", "matchCriteriaId": "0F0B82A2-9FBD-4157-9961-2F3EC8C3F1B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module." }, { "lang": "es", "value": "Se ha detectado que TikiWiki versi\u00f3n v21.4 contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el componente tiki-browse_categories.php. Esta vulnerabilidad permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga \u00fatil dise\u00f1ada en el m\u00f3dulo Create category" } ], "id": "CVE-2021-36550", "lastModified": "2024-11-21T06:13:49.237", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 
2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-10-28T20:15:07.580", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/r0ck3t1973/xss_payload/issues/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/r0ck3t1973/xss_payload/issues/6" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
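TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386. Note that the CPE match data in this record ends at 1.6.1 (versionEndIncluding), which is narrower than the "before 1.8.5" range in this summary; inventory checks that rely on the CPE range alone can miss affected releases after 1.6.1 and before 1.8.5, so compare installed versions against the fix version given in the summary.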
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4003F93-8AE6-461B-BDB9-D55A1683B6B9", "versionEndIncluding": "1.6.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386." } ], "id": "CVE-2005-0200", "lastModified": "2024-11-20T23:54:37.327", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/13948" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://tikiwiki.org/art102" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-41.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/13948" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://tikiwiki.org/art102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-41.xml" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ 
{ "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-04-01 21:15
Modified
2024-11-21 05:39
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB3F47ED-8523-4FE3-9405-92E7F8DF6AA3", "versionEndIncluding": "20.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de Neutralizaci\u00f3n Inapropiada de Etiquetas HTML Relacionadas con Scripts en una P\u00e1gina Web (vulnerabilidad XSS B\u00e1sica) en las p\u00e1ginas web php de Tiki-Wiki Groupware. Tiki-Wiki CMS todas las versiones hasta 20.0 permite a usuarios maliciosos causar la inyecci\u00f3n de fragmentos de c\u00f3digo malicioso (scripts) en una p\u00e1gina web leg\u00edtima." 
} ], "id": "CVE-2020-8966", "lastModified": "2024-11-21T05:39:45.463", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cve-coordination@incibe.es", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-04-01T21:15:15.287", "references": [ { "source": "cve-coordination@incibe.es", "tags": [ "Patch" ], "url": "https://sourceforge.net/p/tikiwiki/code/75455" }, { "source": "cve-coordination@incibe.es", "tags": [ "Third Party Advisory" ], "url": 
"https://www.incibe-cert.es/en/early-warning/security-advisories/cross-site-scripting-xss-flaws-found-tiki-wiki-cms-software" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://sourceforge.net/p/tikiwiki/code/75455" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/cross-site-scripting-xss-flaws-found-tiki-wiki-cms-software" } ], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-80" } ], "source": "cve-coordination@incibe.es", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-29 02:28
Modified
2024-11-21 00:22
Severity ?
Summary
tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * (up to and including 1.9.6) | |
tiki | tikiwiki_cms\/groupware | 1.6.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc2 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc3 | |
tiki | tikiwiki_cms\/groupware | 1.9.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.2 | |
tiki | tikiwiki_cms\/groupware | 1.9.3 | |
tiki | tikiwiki_cms\/groupware | 1.9.4 | |
tiki | tikiwiki_cms\/groupware | 1.9.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "255A9708-AA35-458B-8521-735D2AF7A637", "versionEndIncluding": "1.9.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ADE04A29-E90B-41E1-A8B4-462B54C079B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2540703B-63B8-41F4-A17A-0274A7DE7E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1489E8DC-11E7-49A3-84FF-909954147D01", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "127349FA-B76D-402A-B688-F2F44024FA11", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "175D43FD-450F-443E-831B-B8091BE7054F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "2F437662-CD55-477B-9FEE-0CC4E6CB908D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to 
trigger \"notification-spam\" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of \"a minimal check on email.\"" }, { "lang": "es", "value": "tiki-register.php en TikiWiki anterior a 1.9.7 permite a atacantes remotos disparar \"notificaci\u00f3n de spam\" mediante vectores no especificados como una lista de direcciones separadas por coma en el campo email, relacionado con la falta de \"un m\u00ednimo chequeo en email\"." } ], "id": "CVE-2006-6168", "lastModified": "2024-11-21T00:22:03.520", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-29T02:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50\u0026r2=1.157.2.51" }, { "source": "cve@mitre.org", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68\u0026r2=1.69" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4709" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50\u0026r2=1.157.2.51" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68\u0026r2=1.69" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4709" } ], "sourceIdentifier": 
"cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-03-09 20:29
Modified
2024-11-21 04:11
Severity ?
Summary
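Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1. Each version named is the fixed release of its own branch: per the CPE ranges in this record, the affected versions are 12.0 up to (not including) 12.13, 15.0 up to (not including) 15.6, 17.0 up to (not including) 17.2, and 18.0.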
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2018/03/08/5 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://sourceforge.net/p/tikiwiki/code/65537 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2018/03/08/5 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/tikiwiki/code/65537 | Patch |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * | |
tiki | tikiwiki_cms\/groupware | * | |
tiki | tikiwiki_cms\/groupware | * | |
tiki | tikiwiki_cms\/groupware | 18.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B51E133-9A30-4328-BE36-D7446B932544", "versionEndExcluding": "12.13", "versionStartIncluding": "12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "63B54F30-2050-4323-9281-36B4AB1711F7", "versionEndExcluding": "15.6", "versionStartIncluding": "15.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7260F68-73EB-4658-99AA-C803A43E7AEC", "versionEndExcluding": "17.2", "versionStartIncluding": "17.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:18.0:*:*:*:*:*:*:*", "matchCriteriaId": "48693BFC-234D-40CC-B2F3-57C61FB2C0C0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1." }, { "lang": "es", "value": "Existe Cross-Site Scripting (XSS) en Tiki, en versiones anteriores a la 12.13, 15.6, 17.2 y la 18.1." 
} ], "id": "CVE-2018-7290", "lastModified": "2024-11-21T04:11:57.027", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-09T20:29:00.567", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/03/08/5" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://sourceforge.net/p/tikiwiki/code/65537" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/03/08/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://sourceforge.net/p/tikiwiki/code/65537" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-04-11 04:00
Modified
2024-11-20 23:52
Severity: HIGH (NVD CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * | |
tiki | tikiwiki_cms\/groupware | 1.6.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "10BE27BB-E5CF-4136-83D0-03A2BEBC10EB", "versionEndIncluding": "1.8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation." } ], "id": "CVE-2004-1926", "lastModified": "2024-11-20T23:52:04.563", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-04-11T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11344" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10100" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10100" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-15 14:15
Modified
2024-11-21 01:32
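Severity: MEDIUM (NVD CVSS v3.1 base score 6.1, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS v2.0 base score 4.3, MEDIUM)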
Summary
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://seclists.org/bugtraq/2011/Nov/140 | Exploit, Mailing List, Third Party Advisory | |
secalert@redhat.com | https://www.securityfocus.com/bid/48806/info | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2011/Nov/140 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.securityfocus.com/bid/48806/info | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "14316E50-7F78-48F2-A3E2-4F43A74D98A5", "versionEndIncluding": "7.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tiki Wiki CMS Groupware 7.0 has XSS via the GET \"ajax\" parameter to snarf_ajax.php." }, { "lang": "es", "value": "Tiki Wiki CMS Groupware versi\u00f3n 7.0, presenta una vulnerabilidad de tipo XSS por medio del par\u00e1metro GET \"ajax\" en el archivo snarf_ajax.php." } ], "id": "CVE-2011-4336", "lastModified": "2024-11-21T01:32:15.653", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-15T14:15:11.433", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2011/Nov/140" }, { "source": "secalert@redhat.com", "tags": [ 
"Third Party Advisory", "VDB Entry" ], "url": "https://www.securityfocus.com/bid/48806/info" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2011/Nov/140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.securityfocus.com/bid/48806/info" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-26 18:46
Modified
2024-11-21 00:38
Severity: MEDIUM (NVD CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to db/tiki-db.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * | |
tiki | tikiwiki_cms\/groupware | 1.6.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 (rc1) | |
tiki | tikiwiki_cms\/groupware | 1.9.0 (rc2) | |
tiki | tikiwiki_cms\/groupware | 1.9.0 (rc3) | |
tiki | tikiwiki_cms\/groupware | 1.9.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.2 | |
tiki | tikiwiki_cms\/groupware | 1.9.3 | |
tiki | tikiwiki_cms\/groupware | 1.9.4 | |
tiki | tikiwiki_cms\/groupware | 1.9.5 | |
tiki | tikiwiki_cms\/groupware | 1.9.6 | |
tiki | tikiwiki_cms\/groupware | 1.9.7 | |
tiki | tikiwiki_cms\/groupware | 1.9.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD2B821A-4879-423C-B2EF-811F1F0D3F90", "versionEndIncluding": "1.9.8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ADE04A29-E90B-41E1-A8B4-462B54C079B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2540703B-63B8-41F4-A17A-0274A7DE7E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1489E8DC-11E7-49A3-84FF-909954147D01", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "127349FA-B76D-402A-B688-F2F44024FA11", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "175D43FD-450F-443E-831B-B8091BE7054F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "2F437662-CD55-477B-9FEE-0CC4E6CB908D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "EB235741-1FDA-4C90-BD6A-22D18D57D240", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "62C09D81-AA53-4E82-BEA6-D321D95D2E0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "8CE1CDD1-27F1-456C-933E-24219E6190CC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to db/tiki-db.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el TikiWiki 1.9.8.1 y versiones anteriores permiten a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de (1) el par\u00e1metro username a la p\u00e1gina que recuerda las contrase\u00f1as (tiki-remind_password.php), (2) la etiqueta IMG en las p\u00e1ginas wiki y (3) el par\u00e1metro local_php del db/tiki-db.php." 
} ], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nTikiWiki, TikiWiki, 1.9.8.2", "id": "CVE-2007-5683", "lastModified": "2024-11-21T00:38:27.177", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-10-26T18:46:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482801/30/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482801/30/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-30 01:29
Modified
2024-11-21 03:13
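Severity: HIGH (NVD CVSS v3.0 base score 8.0, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H; CVSS v2.0 base score 6.0, MEDIUM)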
Summary
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://openwall.com/lists/oss-security/2017/09/28/13 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://sourceforge.net/p/tikiwiki/code/63872 | Patch, Third Party Advisory | |
cve@mitre.org | https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released | Patch, Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/09/28/13 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/tikiwiki/code/63872 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released | Patch, Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 12.0 | |
tiki | tikiwiki_cms\/groupware | 12.1 | |
tiki | tikiwiki_cms\/groupware | 12.2 | |
tiki | tikiwiki_cms\/groupware | 12.3 | |
tiki | tikiwiki_cms\/groupware | 12.4 | |
tiki | tikiwiki_cms\/groupware | 12.5 | |
tiki | tikiwiki_cms\/groupware | 12.6 | |
tiki | tikiwiki_cms\/groupware | 12.7 | |
tiki | tikiwiki_cms\/groupware | 12.8 | |
tiki | tikiwiki_cms\/groupware | 12.9 | |
tiki | tikiwiki_cms\/groupware | 12.10 | |
tiki | tikiwiki_cms\/groupware | 12.11 | |
tiki | tikiwiki_cms\/groupware | 15.0 | |
tiki | tikiwiki_cms\/groupware | 15.1 | |
tiki | tikiwiki_cms\/groupware | 15.2 | |
tiki | tikiwiki_cms\/groupware | 15.3 | |
tiki | tikiwiki_cms\/groupware | 15.4 | |
tiki | tikiwiki_cms\/groupware | 16.0 | |
tiki | tikiwiki_cms\/groupware | 16.1 | |
tiki | tikiwiki_cms\/groupware | 16.2 | |
tiki | tikiwiki_cms\/groupware | 17.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.0:*:*:*:lts:*:*:*", "matchCriteriaId": "B9B11DE8-D769-4368-9673-557806FF3CBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.1:*:*:*:lts:*:*:*", "matchCriteriaId": "9D8C7315-9B1C-4472-986B-70059DB85B1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.2:*:*:*:lts:*:*:*", "matchCriteriaId": "8AC641D2-9F5E-48A1-A9E9-999543F894FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.3:*:*:*:lts:*:*:*", "matchCriteriaId": "EF4E2F18-2B2D-49CF-8921-E7B0C18072EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.4:*:*:*:lts:*:*:*", "matchCriteriaId": "8BD002F1-AA90-49A4-8604-FFE0BB081AE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.5:*:*:*:lts:*:*:*", "matchCriteriaId": "E1B61E9C-A2C8-4109-B772-45C01545F362", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.6:*:*:*:lts:*:*:*", "matchCriteriaId": "0E4FE121-C76E-48AA-8BC6-E15264BDD182", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.7:*:*:*:lts:*:*:*", "matchCriteriaId": "E5488F9D-638A-48C4-8BFA-B8DF98C4FD68", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.8:*:*:*:lts:*:*:*", "matchCriteriaId": "D01D66A8-D33F-4C1A-AEE3-9B12EB95A915", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.9:*:*:*:lts:*:*:*", "matchCriteriaId": "5F8AF787-295B-4B68-9403-ECDC04C3DFE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.10:*:*:*:lts:*:*:*", "matchCriteriaId": "9CB17964-F2C6-4BC7-9706-00827975EAF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:12.11:*:*:*:lts:*:*:*", "matchCriteriaId": "7E00FFA9-DF8F-4CAE-BBD4-7D20167A1C47", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.0:*:*:*:lts:*:*:*", "matchCriteriaId": "76F00805-C136-4C4E-90B2-25AC35861D04", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.1:*:*:*:lts:*:*:*", "matchCriteriaId": "76FAB03D-EF3F-4F78-B4B8-0E067098C478", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.2:*:*:*:lts:*:*:*", "matchCriteriaId": "CB47183C-0A64-476C-A8EE-4530C223C053", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.3:*:*:*:lts:*:*:*", "matchCriteriaId": "942B0F1F-736A-4295-B82F-31EDA5C53FC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.4:*:*:*:lts:*:*:*", "matchCriteriaId": "166BA1B9-2A83-4BDA-B48F-9912A244D027", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "2CE0E547-2EF3-4FD8-BBC3-1EE0CFE505E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:16.1:*:*:*:*:*:*:*", "matchCriteriaId": "E45A2D67-4C6E-475F-8F03-00E31E2DCA06", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9FAA7AE-B0A7-4D61-AF86-0A09A3A20152", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:17.0:*:*:*:*:*:*:*", "matchCriteriaId": "B93FE186-2879-4ABF-BCC4-27C406C92EED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site." 
}, { "lang": "es", "value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) mediante un elemento IMG en Tiki en versiones anteriores a 16.3, las versiones 17.x anteriores a 17.1, 12 LTS anteriores a 12.12 LTS y 15 LTS en versiones anteriores a la 15.5 LTS permite que un usuario autenticado evite permisos globales si un administrador abre una p\u00e1gina de wiki con un elemento IMG. Esto se relaciona con tiki-objectpermissions.php. Por ejemplo, un atacante podr\u00eda asignar privilegios de administrador a cada usuario sin autenticar del sitio." } ], "id": "CVE-2017-14925", "lastModified": "2024-11-21T03:13:46.403", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-30T01:29:02.070", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2017/09/28/13" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://sourceforge.net/p/tikiwiki/code/63872" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2017/09/28/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/tikiwiki/code/63872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-04 01:07
Modified
2024-11-21 00:20
Severity: MEDIUM (NVD CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 1.9.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "2F437662-CD55-477B-9FEE-0CC4E6CB908D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tiki-featured_link.php en Tikiwiki 1.9.5 permite a un atacante remoto inyectar secuencias de comandos web o HTML a trav\u00e9s de un par\u00e1metro url que eluden el filtro, como se demostr\u00f3 por el valor del par\u00e1metro que contiene informaci\u00f3n mal formada, elementos de secuencias de comandos anidadas" } ], "id": "CVE-2006-5703", "lastModified": "2024-11-21T00:20:12.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-11-04T01:07:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22678" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23039" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200611-11.xml" }, { "source": 
"cve@mitre.org", "url": "http://securityreason.com/securityalert/1816" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/450268/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/20858" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4316" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29958" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200611-11.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/450268/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/20858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29958" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-07-12 19:55
Modified
2024-11-21 01:42
Severity: MEDIUM (NVD CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * | |
tiki | tikiwiki_cms\/groupware | 2.2 | |
tiki | tikiwiki_cms\/groupware | 3.0 | |
tiki | tikiwiki_cms\/groupware | 3.1 | |
tiki | tikiwiki_cms\/groupware | 3.2 | |
tiki | tikiwiki_cms\/groupware | 3.3 | |
tiki | tikiwiki_cms\/groupware | 3.4 | |
tiki | tikiwiki_cms\/groupware | 3.5 | |
tiki | tikiwiki_cms\/groupware | 4 | |
tiki | tikiwiki_cms\/groupware | 4.0 | |
tiki | tikiwiki_cms\/groupware | 4.1 | |
tiki | tikiwiki_cms\/groupware | 4.2 | |
tiki | tikiwiki_cms\/groupware | 5.0 | |
tiki | tikiwiki_cms\/groupware | 5.1 | |
tiki | tikiwiki_cms\/groupware | 5.2 | |
tiki | tikiwiki_cms\/groupware | 5.3 | |
tiki | tikiwiki_cms\/groupware | 6.0 | |
tiki | tikiwiki_cms\/groupware | 6.1 | |
tiki | tikiwiki_cms\/groupware | 6.2 | |
tiki | tikiwiki_cms\/groupware | 7.0 | |
tiki | tikiwiki_cms\/groupware | 7.1 | |
tiki | tikiwiki_cms\/groupware | 7.2 | |
tiki | tikiwiki_cms\/groupware | 8.0 | |
tiki | tikiwiki_cms\/groupware | 8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "60D85CA4-259B-4FA0-86CE-7BE518252AC2", "versionEndIncluding": "8.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A5160514-D8C3-458A-B3A6-24CD4FB96BD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "481CEC51-C828-4AB7-9745-824B5D529D40", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DD3F664D-C59E-4033-805B-BB3C85528091", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "457AEABE-F6C1-459A-883E-4D4F0DD8D441", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4401BA0E-5F63-405C-8C42-C2E1E4C45306", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "69930A94-2008-4259-B2BE-BD159B1FD6FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A4DB362-E012-4A97-8EA4-9589D2811C3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4:*:*:*:*:*:*:*", "matchCriteriaId": "4EC5B2D3-63D9-414D-92C2-4423CA525C22", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "03BE8241-0A3F-48E5-9917-D22CC187F650", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC898854-88D0-44F7-A742-30956E99F879", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "69CBF74D-A845-4461-8673-B3616339BD23", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "74F3472D-158E-439A-BBAA-9DB8677C97B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "197A8FDC-2474-4FB8-80E1-10A898D4CDCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "395EC051-76D6-43AA-822D-4E3A65A714EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "EC0F2A72-FF54-4CB6-8456-35AC90945720", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEA7EADB-82F1-4A28-8AF8-17F6BCFD4E23", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "72AE1516-6085-4505-93EF-AFC8B7FEB357", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "07C509BE-1B02-441E-9CA2-E568B39976DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "856C2298-D9AB-4947-B7A2-5457F7BA3BDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F91FDFE-D9F0-4839-B5A5-4F6400F2880A", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0FB6C008-CC5D-4EBF-A2DF-688840C45FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "5EB2F4E7-FC71-4DB5-BDC4-9069E20C5C9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7D956F1-3C55-4F30-B1E0-33C3E835BF26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TikiWiki CMS/Groupware 8.3 and 
earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php." }, { "lang": "es", "value": "TikiWiki CMS/Groupware v8.3 y anteriores permite a atacantes remotos obtener la ruta de instalaci\u00f3n mediante una peticion a (1) admin/include_calendar.php, (2) tiki-rss_error.php, o (3) tiki-watershed_service.php." } ], "id": "CVE-2012-3996", "lastModified": "2024-11-21T01:42:00.080", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-07-12T19:55:07.077", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://dev.tiki.org/item4109" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://info.tiki.org/article191-Tiki-Releases-8-4" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/19573" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/19630" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/83533" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://dev.tiki.org/item4109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://info.tiki.org/article191-Tiki-Releases-8-4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/19573" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/19630" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/83533" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2005-3283)
Published
2005-10-23 10:02
Modified
2024-11-21 00:01
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * (up to and including 1.9.1) | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc2 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED003E11-05AC-4CD0-A117-99E48B832268", "versionEndIncluding": "1.9.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ADE04A29-E90B-41E1-A8B4-462B54C079B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2540703B-63B8-41F4-A17A-0274A7DE7E63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." 
} ], "id": "CVE-2005-3283", "lastModified": "2024-11-21T00:01:31.517", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-10-23T10:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=109858" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17279" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17363" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1015087" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=364457" }, { "source": "cve@mitre.org", "url": "http://tikiwiki.org/art118" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-23.xml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15164" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=109858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17279" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17363" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1015087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=364457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tikiwiki.org/art118" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-23.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2176" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2004-1386)
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity: HIGH (CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
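tiki | tikiwiki_cms\/groupware | * (CPE match: up to and including 1.6.1) |

Note: the CPE match in the record below stops at 1.6.1 (versionEndIncluding), while the summary places the fix at 1.8.4.1. Inventory matching on the CPE range alone will not flag releases after 1.6.1 and before 1.8.4.1, so scope on the summary and the vendor advisory.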
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4003F93-8AE6-461B-BDB9-D55A1683B6B9", "versionEndIncluding": "1.6.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200." } ], "id": "CVE-2004-1386", "lastModified": "2024-11-20T23:50:45.510", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1012700" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=97" }, { "source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/p-084.shtml" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-12.xml" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/12628" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/12110" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18691" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://securitytracker.com/id?1012700" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=97" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/p-084.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/12628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/12110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18691" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
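Vulnerability from fkie_nvd (CVE-2012-0911)
Published
2012-07-12 19:55
Modified
2024-11-21 01:35
Severity: CRITICAL (CVSS v3.1 base score 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); HIGH under CVSS v2 (base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)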
Summary
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * (LTS edition, before 6.7) | |
tiki | tikiwiki_cms\/groupware | * (before 8.4) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:lts:*:*:*", "matchCriteriaId": "6A1D9B8A-FAED-4172-974B-9DCAB5FA50A7", "versionEndExcluding": "6.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:-:*:*:*", "matchCriteriaId": "D2ADB014-8549-4F8B-8B6D-1FD34D85DD40", "versionEndExcluding": "8.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function." }, { "lang": "es", "value": "TikiWiki CMS/Groupware anterior a v6.7 LTS y anterior a v8.4 permite a atacantes remotos ejecutar c\u00f3digo arbitrario PHP mediante un objeto serializado manipulado en el par\u00e1metro (1) cookieName para lib/banners/bannerlib.php; (2) printpages o (3) el par\u00e1metro printstructures para (a) tiki-print_multi_pages.php o (b) tiki-print_pages.php; o (4) sendpages, (5) sendstructures, o (6) el par\u00e1metro sendarticles para to tiki-send_objects.php, el cual no es correctamente procesado por la funci\u00f3n unserialize" } ], "id": "CVE-2012-0911", "lastModified": "2024-11-21T01:35:57.140", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, 
"exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2012-07-12T19:55:03.530", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://dev.tiki.org/item4109" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "http://info.tiki.org/article191-Tiki-Releases-8-4" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/83534" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.exploit-db.com/exploits/19573" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.exploit-db.com/exploits/19630" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/54298" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76758" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://dev.tiki.org/item4109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "http://info.tiki.org/article191-Tiki-Releases-8-4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/83534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.exploit-db.com/exploits/19573" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.exploit-db.com/exploits/19630" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/54298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76758" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-502" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
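Vulnerability from fkie_nvd (CVE-2008-3653)
Published
2008-08-13 01:41
Modified
2024-11-21 00:49
Severity: HIGH (CVSS v2 base score 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C; the record below sets acInsufInfo to true and the summary gives no impact or vector, so the score is likely a worst-case default rather than an assessed impact)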
Summary
Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * (up to and including 1.9.9) | |
tiki | tikiwiki_cms\/groupware | 1.6.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc2 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc3 | |
tiki | tikiwiki_cms\/groupware | 1.9.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.2 | |
tiki | tikiwiki_cms\/groupware | 1.9.3 | |
tiki | tikiwiki_cms\/groupware | 1.9.4 | |
tiki | tikiwiki_cms\/groupware | 1.9.5 | |
tiki | tikiwiki_cms\/groupware | 1.9.6 | |
tiki | tikiwiki_cms\/groupware | 1.9.7 | |
tiki | tikiwiki_cms\/groupware | 1.9.8 | |
tiki | tikiwiki_cms\/groupware | 1.9.8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E2D7393-C196-4B8B-AC1D-8C082AFCF9D1", "versionEndIncluding": "1.9.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ADE04A29-E90B-41E1-A8B4-462B54C079B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2540703B-63B8-41F4-A17A-0274A7DE7E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1489E8DC-11E7-49A3-84FF-909954147D01", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "127349FA-B76D-402A-B688-F2F44024FA11", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "175D43FD-450F-443E-831B-B8091BE7054F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "2F437662-CD55-477B-9FEE-0CC4E6CB908D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "EB235741-1FDA-4C90-BD6A-22D18D57D240", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "62C09D81-AA53-4E82-BEA6-D321D95D2E0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "8CE1CDD1-27F1-456C-933E-24219E6190CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "50BC0034-F043-41EC-AF00-E3DC739A31F7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en TikiWiki CMS/Groupware antes de 2.0 tiene un impacto y vectores de ataque desconocidos." } ], "id": "CVE-2008-3653", "lastModified": "2024-11-21T00:49:47.527", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-08-13T01:41:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=35" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44422" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=35" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/44422" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2005-3528)
Published
2005-11-20 22:03
Modified
2024-11-21 00:02
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1489E8DC-11E7-49A3-84FF-909954147D01", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter." } ], "id": "CVE-2005-3528", "lastModified": "2024-11-21T00:02:06.863", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2005-11-20T22:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://moritz-naumann.com/adv/0003/tikiw/0003.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17521" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/416152/30/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15371" }, { "source": 
"cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2376" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://moritz-naumann.com/adv/0003/tikiw/0003.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/416152/30/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2376" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
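Vulnerability from fkie_nvd (CVE-2008-5319)
Published
2008-12-03 18:30
Modified
2024-11-21 00:53
Severity: MEDIUM (CVSS v2 base score 5.0, AV:N/AC:L/Au:N/C:N/I:P/A:N; the record below sets acInsufInfo to true)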
Summary
Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
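tiki | tikiwiki_cms\/groupware | * (CPE match: up to and including 1.6.1) |

Note: the CPE match in the record below stops at 1.6.1 (versionEndIncluding), while the summary says versions before 2.2 are affected. Inventory matching on the CPE range alone will not flag releases after 1.6.1 and before 2.2, so scope on the summary and the vendor advisory.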
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4003F93-8AE6-461B-BDB9-D55A1683B6B9", "versionEndIncluding": "1.6.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Tikiwiki 2.2 y versiones anteriores, con desconocido impacto y un vector de ataque relativo al archivo tiki-error.php, diferente vulnerabilidad que CVE-2008-3653." } ], "id": "CVE-2008-5319", "lastModified": "2024-11-21T00:53:49.187", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-12-03T18:30:01.227", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=41" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32341" }, { "source": "cve@mitre.org", "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/50058" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31857" }, { "source": "cve@mitre.org", "url": 
"http://www.vupen.com/english/advisories/2008/2889" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=41" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32341" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/50058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31857" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47106" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2006-3047)
Published
2006-06-16 10:02
Modified
2024-11-21 00:12
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
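tiki | tikiwiki_cms\/groupware | * (up to and including 1.9.3.1) | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc2 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc3 | |
tiki | tikiwiki_cms\/groupware | 1.9.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.2 | |
tiki | tikiwiki_cms\/groupware | 1.9.3 |

Note: the summary names 1.9.3.2 as affected, but the CPE range in the record below ends at 1.9.3.1 (versionEndIncluding), so a CPE-only match will not flag a 1.9.3.2 install.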
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "49A0C8D7-1F01-45BB-A752-09B668B265D9", "versionEndIncluding": "1.9.3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ADE04A29-E90B-41E1-A8B4-462B54C079B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2540703B-63B8-41F4-A17A-0274A7DE7E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1489E8DC-11E7-49A3-84FF-909954147D01", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "127349FA-B76D-402A-B688-F2F44024FA11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors." 
}, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en TikiWiki v1.9.3.2 y versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores de ataque desconocidos" } ], "id": "CVE-2006-3047", "lastModified": "2024-11-21T00:12:41.887", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-06-16T10:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20648" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20850" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1102" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=64258\u0026release_id=423840" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/437017/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18421" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2349" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/20648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20850" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=64258\u0026release_id=423840" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/437017/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18421" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2349" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27145" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-07 00:04
Modified
2024-11-21 00:16
Severity ?
Summary
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 1.9.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "175D43FD-450F-443E-831B-B8091BE7054F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory." }, { "lang": "es", "value": "Vulnerabilidad de actualizaci\u00f3n de fichero no restringida en jhot.php en TikiWiki 1.9.4 Sirius y anteriores, permite a un atacante remoto ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s del par\u00e1metro filepath que contiene un nombre de fichero con una extensi\u00f3n .php, lo cual es actualizado en el directorio img/wiki/." } ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/434.html\r\n\u0027CWE-434: Unrestricted Upload of File with Dangerous Type\u0027", "id": "CVE-2006-4602", "lastModified": "2024-11-21T00:16:21.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-07T00:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://isc.sans.org/diary.php?storyid=1672" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21733" }, { 
"source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22100" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200609-16.xml" }, { "source": "cve@mitre.org", "url": "http://tikiwiki.org/tiki-read_article.php?articleId=136" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/28456" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19819" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3450" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://isc.sans.org/diary.php?storyid=1672" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200609-16.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tikiwiki.org/tiki-read_article.php?articleId=136" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19819" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/2288" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-03-27 19:07
Modified
2024-11-21 01:13
Severity ?
Summary
SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 3.0 | |
tiki | tikiwiki_cms\/groupware | 3.1 | |
tiki | tikiwiki_cms\/groupware | 3.2 | |
tiki | tikiwiki_cms\/groupware | 3.3 | |
tiki | tikiwiki_cms\/groupware | 3.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "481CEC51-C828-4AB7-9745-824B5D529D40", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DD3F664D-C59E-4033-805B-BB3C85528091", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "457AEABE-F6C1-459A-883E-4D4F0DD8D441", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4401BA0E-5F63-405C-8C42-C2E1E4C45306", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "69930A94-2008-4259-B2BE-BD159B1FD6FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable." 
}, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n _find en searchlib.php en TikiWiki CMS/Groupware v3.x anteriores a v3.5\r\n, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de la variable $searchDate" } ], "id": "CVE-2010-1134", "lastModified": "2024-11-21T01:13:43.347", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-03-27T19:07:11.827", "references": [ { "source": "cve@mitre.org", "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/62800" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38882" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25429" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/38608" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56769" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/62800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38882" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev\u0026revision=25429" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/38608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56769" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-12 22:15
Modified
2024-11-21 01:58
Severity ?
Summary
A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMS Groupware 11.0 via the id parameter to ZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.
References
Source | URL | Tags | |
---|---|---|---|
cret@cert.org | http://www.kb.cert.org/vuls/id/450646 | Third Party Advisory, US Government Resource | |
cret@cert.org | http://www.securityfocus.com/bid/63463 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/450646 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/63463 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * (up to and including 11.0) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECF1B5A3-9F22-4D54-AB93-8ABF6C9E57BC", "versionEndIncluding": "11.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Tiki Wiki CMG Groupware versi\u00f3n 11.0, por medio del id paraZeroClipboard.swf, lo que podr\u00eda permitir a un usuario malicioso remoto ejecutar c\u00f3digo arbitrario." } ], "id": "CVE-2013-6022", "lastModified": "2024-11-21T01:58:38.353", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-12T22:15:12.707", "references": [ { "source": 
"cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/450646" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/63463" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/450646" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/63463" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-02-16 18:29
Modified
2024-11-21 04:11
Severity ?
Summary
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://openwall.com/lists/oss-security/2018/02/16/1 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://sourceforge.net/p/tikiwiki/code/65327 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2018/02/16/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/tikiwiki/code/65327 | Patch |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * (versions before 18) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E31B8C9-F96A-42E3-818C-0E5552CDE881", "versionEndExcluding": "18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php." }, { "lang": "es", "value": "Una vulnerabilidad de XSS (mediante una imagen SVG) en Tiki, en versiones anteriores a la 18, permite que un usuario autenticado obtenga privilegios de administrador si un administrador abre una p\u00e1gina de wiki con una imagen SVG maliciosa. Esto est\u00e1 relacionado con lib/filegals/filegallib.php." } ], "id": "CVE-2018-7188", "lastModified": "2024-11-21T04:11:45.430", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": 
"nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-16T18:29:00.397", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2018/02/16/1" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://sourceforge.net/p/tikiwiki/code/65327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2018/02/16/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://sourceforge.net/p/tikiwiki/code/65327" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-10-08 18:55
Modified
2024-11-21 01:44
Severity ?
Summary
tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 8.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:8.3:*:*:*:*:*:*:*", "matchCriteriaId": "108A7F1C-1FDD-40E9-94AD-8C939B3A3B47", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka \"frame injection.\"" }, { "lang": "es", "value": "tiki-featured_link.php en TikiWiki CMS/Groupware 8.3, permite a atacantes remotos para cargar arbitrarias p\u00e1ginas del sitio web en marcos y llevar a cabo ataques de phishing a trav\u00e9s del par\u00e1metro url, tambi\u00e9n conocido como \"inyecci\u00f3n de marco\"." } ], "id": "CVE-2012-5321", "lastModified": "2024-11-21T01:44:28.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-10-08T18:55:01.370", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/79409" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48102" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://st2tea.blogspot.com/2012/02/tiki-wiki-cms-groupware-frame-injection.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/52079" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": 
"http://www.securitytracker.com/id?1026708" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73403" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/79409" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://st2tea.blogspot.com/2012/02/tiki-wiki-cms-groupware-frame-injection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/52079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securitytracker.com/id?1026708" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73403" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-08-28 00:17
Modified
2024-11-21 00:35
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 1.9.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "62C09D81-AA53-4E82-BEA6-D321D95D2E0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7." }, { "lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en tiki-remind_password.php en Tikiwiki (tambi\u00e9n conocido como Tiki CMS/Groupware) 1.9.7 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro username. NOTA: este asunto podr\u00eda estar relacionado con CVE-2006-2635.7." } ], "id": "CVE-2007-4554", "lastModified": "2024-11-21T00:35:52.687", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-08-28T00:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26618" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3064" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/477653/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": 
"http://www.securityfocus.com/bid/25433" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26618" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/477653/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/25433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2984" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-16 10:02
Modified
2024-11-21 00:12
Severity ?
Summary
SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * (up to and including 1.9.3.1) | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc2 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 rc3 | |
tiki | tikiwiki_cms\/groupware | 1.9.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.2 | |
tiki | tikiwiki_cms\/groupware | 1.9.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "49A0C8D7-1F01-45BB-A752-09B668B265D9", "versionEndIncluding": "1.9.3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ADE04A29-E90B-41E1-A8B4-462B54C079B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2540703B-63B8-41F4-A17A-0274A7DE7E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1489E8DC-11E7-49A3-84FF-909954147D01", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "127349FA-B76D-402A-B688-F2F44024FA11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en TikiWiki v1.9.3.2 y posiblemente en versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores de ataque desconocidos." 
} ], "id": "CVE-2006-3048", "lastModified": "2024-11-21T00:12:42.027", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-16T10:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20648" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/20850" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1102" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/437017/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18421" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2349" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27146" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20850" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-29.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/437017/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18421" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2349" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27146" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-20 22:03
Modified
2024-11-21 00:02
Severity ?
Summary
tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1489E8DC-11E7-49A3-84FF-909954147D01", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability." } ], "id": "CVE-2005-3529", "lastModified": "2024-11-21T00:02:07.007", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-20T22:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://moritz-naumann.com/adv/0003/tikiw/0003.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17521" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/165" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/20711" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/416152/30/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2376" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://moritz-naumann.com/adv/0003/tikiw/0003.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/165" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/416152/30/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2376" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-08-24 10:30
Modified
2024-11-20 23:47
Severity ?
Summary
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 1.6.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer \"Remember Me\" feature. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "TikiWiki v1.6.1 permite a usuarios remotos evitar la autenticaci\u00f3n introduciendo un nombre de usuario v\u00e1lido con un password arbitrario. Vulnerabilidad posiblemente relacionada con la caracter\u00edstica \"Remember Me\" de Internet Explorer. NOTA: algunos de los detalles han sido obtenidos de terceras partes." } ], "id": "CVE-2003-1574", "lastModified": "2024-11-20T23:47:29.077", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-08-24T10:30:01.233", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=748739\u0026group_id=64258\u0026atid=506846" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/14170" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40347" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=748739\u0026group_id=64258\u0026atid=506846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/14170" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40347" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-13 17:29
Modified
2024-11-21 03:49
Severity ?
Summary
Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * (>= 12.0, < 12.14) | |
tiki | tikiwiki_cms\/groupware | * (>= 15.0, < 15.7) | |
tiki | tikiwiki_cms\/groupware | * (>= 18.0, < 18.2) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4E9A971-531E-43D6-AB49-88D1F393A74A", "versionEndExcluding": "12.14", "versionStartIncluding": "12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C2A34D3-6BA8-4E28-850C-DBE573F75BA5", "versionEndExcluding": "15.7", "versionStartIncluding": "15.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADBF95E0-093F-4B48-A8D5-ED1244C25B85", "versionEndExcluding": "18.2", "versionStartIncluding": "18.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image." }, { "lang": "es", "value": "Vulnerabilidades Cross-Site Scripting (XSS) persistente en Tiki en versiones anteriores a la 18.2, 15.7 y 12.14 permiten que un usuario autenticado inyecte c\u00f3digo JavaScript para obtener privilegios de administrador si un administrador abre una p\u00e1gina wiki y mueve el cursor del rat\u00f3n a un enlace modificado o una imagen thumb." 
} ], "id": "CVE-2018-14850", "lastModified": "2024-11-21T03:49:55.087", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-13T17:29:01.343", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2018/08/02/1" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2018/08/02/2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://sourceforge.net/p/tikiwiki/code/66990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2018/08/02/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2018/08/02/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://sourceforge.net/p/tikiwiki/code/66990" } 
], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-04 01:07
Modified
2024-11-21 00:20
Severity ?
Summary
Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 1.9.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "2F437662-CD55-477B-9FEE-0CC4E6CB908D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages." }, { "lang": "es", "value": "Tikiwiki 1.9.5 permite a un atacante remoto obtener informaci\u00f3n sensible (nombre de usuario de MySQL y contrase\u00f1a) a trav\u00e9s de un par\u00e1metro vac\u00edo sort_mode en (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, y (21) tiki-webmail_contacts.php,lo cual revela la informaci\u00f3n en ciertos mensajes de error de la base de datos." 
} ], "id": "CVE-2006-5702", "lastModified": "2024-11-21T00:20:12.217", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-04T01:07:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22678" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23039" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200611-11.xml" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1816" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/450268/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/20858" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4316" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200611-11.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/450268/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/20858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29960" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-12-27 22:46
Modified
2024-11-21 00:40
Severity ?
Summary
Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * (<= 1.9.8) | |
tiki | tikiwiki_cms\/groupware | 1.6.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 (rc1) | |
tiki | tikiwiki_cms\/groupware | 1.9.0 (rc2) | |
tiki | tikiwiki_cms\/groupware | 1.9.0 (rc3) | |
tiki | tikiwiki_cms\/groupware | 1.9.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.2 | |
tiki | tikiwiki_cms\/groupware | 1.9.3 | |
tiki | tikiwiki_cms\/groupware | 1.9.4 | |
tiki | tikiwiki_cms\/groupware | 1.9.5 | |
tiki | tikiwiki_cms\/groupware | 1.9.6 | |
tiki | tikiwiki_cms\/groupware | 1.9.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1C5F236-CF41-4783-901B-E76F615E0F61", "versionEndIncluding": "1.9.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ADE04A29-E90B-41E1-A8B4-462B54C079B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2540703B-63B8-41F4-A17A-0274A7DE7E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1489E8DC-11E7-49A3-84FF-909954147D01", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "127349FA-B76D-402A-B688-F2F44024FA11", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "175D43FD-450F-443E-831B-B8091BE7054F", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "2F437662-CD55-477B-9FEE-0CC4E6CB908D", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "EB235741-1FDA-4C90-BD6A-22D18D57D240", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "62C09D81-AA53-4E82-BEA6-D321D95D2E0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en TikiWiki anterior a 1.9.9 tienen impacto y vectores de ataque desconocidos involucrando (1) tiki-edit_css.php, (2) tiki-list_games.php, o (3) tiki-g-admin_shared_source.php." } ], "id": "CVE-2007-6529", "lastModified": "2024-11-21T00:40:22.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-12-27T22:46:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/41175" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/41176" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/41177" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28225" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28602" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200801-10.xml" }, { "source": "cve@mitre.org", "url": "http://tikiwiki.org/ReleaseProcess199" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41175" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41177" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200801-10.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tikiwiki.org/ReleaseProcess199" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-13 17:29
Modified
2024-11-21 03:49
Severity ?
Summary
Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * (>= 12.0, < 12.14) | |
tiki | tikiwiki_cms\/groupware | * (>= 15.0, < 15.7) | |
tiki | tikiwiki_cms\/groupware | * (>= 18.0, < 18.2) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4E9A971-531E-43D6-AB49-88D1F393A74A", "versionEndExcluding": "12.14", "versionStartIncluding": "12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C2A34D3-6BA8-4E28-850C-DBE573F75BA5", "versionEndExcluding": "15.7", "versionStartIncluding": "15.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADBF95E0-093F-4B48-A8D5-ED1244C25B85", "versionEndExcluding": "18.2", "versionStartIncluding": "18.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php." }, { "lang": "es", "value": "Tiki en versiones anteriores a la 18.2, 15.7 y 12.14 tiene Cross-Site Scripting (XSS) mediante los atributos link relacionados con lib/core/WikiParser/OutputLink.php y lib/parser/parserlib.php." 
} ], "id": "CVE-2018-14849", "lastModified": "2024-11-21T03:49:54.933", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-13T17:29:01.203", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2018/08/02/1" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2018/08/02/2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://sourceforge.net/p/tikiwiki/code/66809" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2018/08/02/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2018/08/02/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://sourceforge.net/p/tikiwiki/code/66809" 
} ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-27 19:44
Modified
2024-11-21 00:43
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
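tiki | tikiwiki_cms\/groupware | * (<= 1.6.1) |
Note: this CPE range (up to and including 1.6.1) is narrower than the summary's "before 1.9.10.1", so matching on the CPE alone can miss affected 1.9.x installations; compare the installed version against the summary as well.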
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4003F93-8AE6-461B-BDB9-D55A1683B6B9", "versionEndIncluding": "1.6.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tiki-edit_article.php de TikiWiki before 1.9.10.1 permite a atacantes remotos inyectar web script o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2008-1047", "lastModified": "2024-11-21T00:43:32.713", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-02-27T19:44:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1498" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29092" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://tikiwiki.org/ReleaseNotes1910" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/27968" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0661" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1498" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://tikiwiki.org/ReleaseNotes1910" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/27968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0661" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-18 06:03
Modified
2024-11-20 23:58
Severity ?
Summary
Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * (<= 1.9.0) | |
tiki | tikiwiki_cms\/groupware | 1.6.1 | |
tiki | tikiwiki_cms\/groupware | 1.9.0 (rc1) | |
tiki | tikiwiki_cms\/groupware | 1.9.0 (rc2) | |
tiki | tikiwiki_cms\/groupware | 1.9.0 (rc3) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9879799-409B-4DA4-8216-025CC6CE8D24", "versionEndIncluding": "1.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ADE04A29-E90B-41E1-A8B4-462B54C079B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2540703B-63B8-41F4-A17A-0274A7DE7E63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php." 
} ], "id": "CVE-2005-1925", "lastModified": "2024-11-20T23:58:25.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-18T06:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015190" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=335\u0026type=vulnerabilities" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=337\u0026type=vulnerabilities" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15390" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15392" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23095" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=335\u0026type=vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=337\u0026type=vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.securityfocus.com/bid/15390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23099" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-07-05 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:php:xml_rpc:*:*:*:*:*:pear:*:*", "matchCriteriaId": "DF9FF982-2BF4-49ED-82F8-C8F8327D2EF3", "versionEndIncluding": "1.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gggeek:phpxmlrpc:*:*:*:*:*:*:*:*", "matchCriteriaId": "83956BC5-8694-4C4B-92C4-D3C960980F66", "versionEndIncluding": "1.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "00201099-3C07-44F0-880B-CE2AE77EE171", "versionEndExcluding": "4.5.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C248ACE-86AF-40FF-8B8F-FE1879E54FF2", "versionEndExcluding": "4.6.2", "versionStartIncluding": "4.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "363E6E27-87B4-4271-B374-B176DE9E5D56", "versionEndExcluding": "1.8.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement." 
} ], "id": "CVE-2005-1921", "lastModified": "2024-11-20T23:58:25.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-07-05T04:00:00.000", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=112008638320145\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=112015336720867\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=112605112027335\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Product" ], "url": "http://pear.php.net/package/XML_RPC/download/1.3.1" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15810" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15852" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15855" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15861" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15872" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15883" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": 
"http://secunia.com/advisories/15884" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15895" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15903" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15904" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15916" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15917" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15922" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15944" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15947" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15957" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/16001" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/16339" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/16693" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/17440" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/17674" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/18003" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200507-01.xml" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200507-06.xml" }, { "source": "secalert@redhat.com", 
"tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200507-07.xml" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1015336" }, { "source": "secalert@redhat.com", "tags": [ "Product" ], "url": "http://sourceforge.net/project/showfiles.php?group_id=87163" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=338803" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.ampache.org/announce/3_3_1_2.php" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.debian.org/security/2005/dsa-745" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.debian.org/security/2005/dsa-746" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.debian.org/security/2005/dsa-747" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.debian.org/security/2005/dsa-789" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable", "Vendor Advisory" ], "url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005" }, { "source": "secalert@redhat.com", "tags": [ "Not Applicable" ], "url": "http://www.hardened-php.net/advisory-022005.php" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory", "Vendor Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:109" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html" }, { "source": "secalert@redhat.com", "tags": [ 
"Broken Link" ], "url": "http://www.novell.com/linux/security/advisories/2005_41_php_pear.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.novell.com/linux/security/advisories/2005_49_php.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-564.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/419064/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/419064/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/14088" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2005/2827" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=112008638320145\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=112015336720867\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=112605112027335\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Product" ], "url": "http://pear.php.net/package/XML_RPC/download/1.3.1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15855" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15861" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15883" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15917" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15922" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15944" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15947" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/15957" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/16001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/16339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/16693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/17440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/17674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/18003" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200507-01.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200507-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200507-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1015336" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://sourceforge.net/project/showfiles.php?group_id=87163" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=338803" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.ampache.org/announce/3_3_1_2.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.debian.org/security/2005/dsa-745" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.debian.org/security/2005/dsa-746" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.debian.org/security/2005/dsa-747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.debian.org/security/2005/dsa-789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Vendor Advisory" ], "url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://www.hardened-php.net/advisory-022005.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "Vendor Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.novell.com/linux/security/advisories/2005_41_php_pear.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.novell.com/linux/security/advisories/2005_49_php.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-564.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/419064/100/0/threaded" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/419064/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/14088" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2005/2827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-12 23:17
Modified
2024-11-21 00:37
Summary
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 1.9.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "8CE1CDD1-27F1-456C-933E-24219E6190CC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function." }, { "lang": "es", "value": "El archivo tiki-graph_formula.php en TikiWiki versi\u00f3n 1.9.8, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de secuencias PHP en el par\u00e1metro array f, que son procesadas mediante create_function." } ], "id": "CVE-2007-5423", "lastModified": "2024-11-21T00:37:51.753", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-12T23:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=195503" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/40478" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27190" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27344" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3216" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://securityvulns.ru/Sdocument162.html" }, { "source": "cve@mitre.org", "url": 
"http://sourceforge.net/forum/forum.php?forum_id=744898" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=546283\u0026group_id=64258" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-21.xml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482128/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/26006" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3492" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37076" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4509" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=195503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/40478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securityvulns.ru/Sdocument162.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/forum/forum.php?forum_id=744898" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=546283\u0026group_id=64258" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-21.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/482006/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482128/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/26006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3492" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4509" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-23 01:04
Modified
2024-11-21 00:15
Summary
Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 1.9.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "175D43FD-450F-443E-831B-B8091BE7054F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en tiki-searchindex.php en TikiWiki 1.9.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro highlight. NOTA: los detalles se han obtenido de informaci\u00f3n de terceros." } ], "id": "CVE-2006-4299", "lastModified": "2024-11-21T00:15:36.873", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-08-23T01:04:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21536" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22100" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200609-16.xml" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/28071" }, { "source": 
"cve@mitre.org", "url": "http://www.securityfocus.com/bid/19654" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3351" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28498" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200609-16.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3351" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28498" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-20 08:59
Modified
2024-11-21 02:43
Summary
A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/96787 | ||
cve@mitre.org | https://dev.tiki.org/item6174 | Permissions Required | |
cve@mitre.org | https://sourceforge.net/p/tikiwiki/code/60308/ | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96787 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://dev.tiki.org/item6174 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/tikiwiki/code/60308/ | Issue Tracking, Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 15.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "F88EB9F2-F9C5-4BB7-9C29-74049BB7C2DC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field." }, { "lang": "es", "value": "Una vulnerabilidad en Tiki Wiki CMS 15.2 podr\u00eda permitir a un atacante remoto leer archivos arbitrarios en un sistema objetivo a trav\u00e9s de un nombre de ruta manipulado en un campo URL banner." } ], "id": "CVE-2016-10143", "lastModified": "2024-11-21T02:43:24.173", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-20T08:59:00.127", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/96787" }, { "source": "cve@mitre.org", 
"tags": [ "Permissions Required" ], "url": "https://dev.tiki.org/item6174" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/tikiwiki/code/60308/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/96787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://dev.tiki.org/item6174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/tikiwiki/code/60308/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-11 17:28
Modified
2024-11-21 00:22
Summary
tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 1.9.2 | |
tiki | tikiwiki_cms\/groupware | 1.9.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "2F437662-CD55-477B-9FEE-0CC4E6CB908D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message." }, { "lang": "es", "value": "tiki-wiki_rss.php en Tikiwiki 1.9.5, 1.9.2, y posiblemente otras versiones permite a atacantes remotos obtener informaci\u00f3n sensible (nombre de usuario y contrase\u00f1a MySQL) mediante un par\u00e1metro ver inv\u00e1lido (largo o negativo), lo cual filtra la informaci\u00f3n en un mensaje de error." 
} ], "id": "CVE-2006-6457", "lastModified": "2024-11-21T00:22:44.020", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-11T17:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452639/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/452639/100/200/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-04-12 04:00
Modified
2024-11-20 23:52
Summary
Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=108180073206947&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/11344 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://tikiwiki.org/tiki-read_article.php?articleId=66 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/10100 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/15845 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=108180073206947&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11344 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://tikiwiki.org/tiki-read_article.php?articleId=66 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10100 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/15845 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | * | |
tiki | tikiwiki_cms\/groupware | 1.6.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "10BE27BB-E5CF-4136-83D0-03A2BEBC10EB", "versionEndIncluding": "1.8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php." 
} ], "id": "CVE-2004-1925", "lastModified": "2024-11-20T23:52:04.420", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-04-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11344" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10100" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15845" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108180073206947\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://tikiwiki.org/tiki-read_article.php?articleId=66" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/15845" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-02-21 20:29
Modified
2024-11-21 04:11
Summary
The Calendar component in Tiki 17.1 allows HTML injection.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://websecnerd.blogspot.in/2018/01/tiki-wiki-cms-groupware-17.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://websecnerd.blogspot.in/2018/01/tiki-wiki-cms-groupware-17.html | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 17.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:17.1:*:*:*:*:*:*:*", "matchCriteriaId": "6B7B0EE3-96EA-4DB4-A218-E0070CEF3A4D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Calendar component in Tiki 17.1 allows HTML injection." }, { "lang": "es", "value": "El componente Calendar en Tiki 17.1 permite la inyecci\u00f3n HTML." } ], "id": "CVE-2018-7303", "lastModified": "2024-11-21T04:11:58.337", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-21T20:29:00.367", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://websecnerd.blogspot.in/2018/01/tiki-wiki-cms-groupware-17.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://websecnerd.blogspot.in/2018/01/tiki-wiki-cms-groupware-17.html" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }