3 matches found
CVE-2018-7304
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation...
Tiki Wiki CMS Groupware Multiple Vulnerabilities (Feb 2018)
Tiki Wiki CMS Groupware is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2018-7304
CVE-2018-7304 affects Tiki Wiki CMS Groupware (Tiki) version 17.1. The vulnerability arises because the application does not validate user input containing special characters in CSV fields, enabling CSV Injection that can trigger commands on the victim’s machine (for example, an input payload lik...