Tiki Security Vulnerabilities

CVE-2023-2813

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

CVSS: 6.1, AI Score: 6.6, EPSS: 0.001

2023-09-04 12:15 PM

CVE-2023-22851

Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize...

CVSS: 7.2, AI Score: 7.2, EPSS: 0.001

2023-01-14 02:15 AM

CVE-2023-22850

Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize...

CVSS: 8.8, AI Score: 8.9, EPSS: 0.001

2023-01-14 02:15 AM

CVE-2023-22853

Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an...

CVSS: 8.8, AI Score: 8.9, EPSS: 0.001

2023-01-14 01:15 AM

CVE-2023-22852

Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and...

CVSS: 6.5, AI Score: 6.4, EPSS: 0.0005

2023-01-14 01:15 AM

CVE-2020-15906

tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login...

CVSS: 9.8, AI Score: 8.6, EPSS: 0.009

2020-10-22 06:15 PM

CVE-2020-16131

Tiki before 21.2 allows XSS because [\s/"'] is not properly considered in...

CVSS: 6.1, AI Score: 6.5, EPSS: 0.001

2020-08-03 05:15 PM

CVE-2020-8966

There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web...

CVSS: 6.1, AI Score: 7.1, EPSS: 0.001

2020-04-01 09:15 PM

CVE-2013-6022

A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary...

CVSS: 6.1, AI Score: 6.1, EPSS: 0.001

2020-02-12 10:15 PM

CVE-2011-4558

Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex...

CVSS: 7.2, AI Score: 7.3, EPSS: 0.015

2020-01-27 03:15 PM

CVE-2011-4454

Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4)...

CVSS: 6.1, AI Score: 6.1, EPSS: 0.001

2019-11-20 07:15 PM

CVE-2011-4455

Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4)...

CVSS: 6.1, AI Score: 6.1, EPSS: 0.001

2019-11-20 07:15 PM

CVE-2018-7302

Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to...

CVSS: 5.4, AI Score: 5.4, EPSS: 0.001

2018-02-21 08:29 PM

CVE-2018-7304

Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User...

CVSS: 8.8, AI Score: 7.1, EPSS: 0.001

2018-02-21 08:29 PM