CVE-2004-1926

2005-05-1004:00:00

CWE-94

mitre

web.nvd.nist.gov

cve-2004-1926

tiki cms

tikiwiki

code injection

security vulnerability

remote attack

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.021

Percentile

89.1%

JSON

Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation.

Affected configurations

Nvd

Node

tikitikiwiki_cms\/groupwareRange≤1.8.1

tikitikiwiki_cms\/groupwareMatch1.6.1

VendorProductVersionCPE
tikitikiwiki_cms\/groupware*cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:*
tikitikiwiki_cms\/groupware1.6.1cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.6.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tiki	tikiwiki_cms\/groupware	*	cpe:2.3:a:tiki:tikiwiki_cms\/groupware::::::::
tiki	tikiwiki_cms\/groupware	1.6.1	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.6.1:::::::*