JVN#75720314: Tiki Wiki CMS Groupware vulnerable to SQL injection

2013-11-05 00:00:00
Japan Vulnerability Notes (jvn.jp)

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

EPSS: 0.002 Low (Percentile: 51.7%)

Tiki Wiki CMS Groupware (Tiki) is a content management system (CMS). Tiki contains a SQL injection vulnerability.

Impact

An arbitrary SQL command may be executed in the database the product is referencing.

Solution

Apply an Update
Apply the appropriate update for the version of the software being used.

Apply a Workaround
If an update cannot be applied, the following workaround may mitigate the effects of this vulnerability.

  • Disable feature_search_fulltext (MySQL Full-Text Search) through Preferences
  • Delete the tiki-searchresults.php file from the web server

Products Affected

  • Tiki versions prior to 11.1
  • Tiki versions prior to 10.4
  • Tiki versions prior to 9.7LTS
  • Tiki versions prior to 6.13LTS
