4 matches found
Default credentials
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts...
CVE-2020-15906
CVE-2020-15906 affects Tiki Wiki CMS Groupware before 21.2. The flaw in tiki-login.php allows an authentication bypass: after 50 invalid login attempts, the admin password is set to blank, permitting unauthenticated admin access. Remediation: upgrade to version 21.2 or later. CVSS 3.1 base score ...
Tiki Wiki CMS Groupware 8.1 / 6.4 LTS Cross Site Scripting
Advisory: Tiki Wiki CMS Groupware Stored Cross-Site-Scripting; Advisory ID: INFOSERVE-ADV2011-07; Author: Stefan Schurtz; Contact: [email protected]; Affected Software: Successfully tested on Tiki 8.1 & 6.4 LTS affects all current releases; Vendor URL: http://info.tiki.org/; Vendor Status: fixed...
Tiki Wiki CMS Groupware 8.1 - 'show_errors' HTML Injection
source: https://www.securityfocus.com/bid/51128/info Tiki Wiki CMS Groupware is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the...