Lucene search

GoogleOSV:CVE-2023-22851

HistoryJan 14, 2023 - 2:15 a.m.

CVE-2023-22851

2023-01-1402:15:12

Google

osv.dev

tiki

php object injection

cve-2023-22851

administrator

unserialize

importer

wordpress

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%

JSON

Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call.

CPENameOperatorVersion
tikieq5.0Beta1
tikieqtags/22.0alpha
tikieq14.0
tikieq8.0RC1
tikieq9.0beta2
tikieqtags/22.0beta
tikieq19.0alpha
tikieqtags/21.0RC1
tikieq8.0
tikieq12.1alpha

Name	Operator	Version
tiki	eq	5.0Beta1
tiki	eq	tags/22.0alpha
tiki	eq	14.0
tiki	eq	8.0RC1
tiki	eq	9.0beta2
tiki	eq	tags/22.0beta
tiki	eq	19.0alpha
tiki	eq	tags/21.0RC1
tiki	eq	8.0
tiki	eq	12.1alpha

Rows per page:

1-10 of 591

References

karmainsecurity.com/KIS-2023-04

tiki.org/articles

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%

JSON

Related for OSV:CVE-2023-22851