IDCVSSSummaryLast (major) updatePublished
CVE-2018-20719 6.5
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.
15-01-2019 - 11:29 15-01-2019 - 11:29
CVE-2018-14850 3.5
Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image.
13-08-2018 - 13:29 13-08-2018 - 13:29
CVE-2018-14849 3.5
Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php.
13-08-2018 - 13:29 13-08-2018 - 13:29
CVE-2018-7290 3.5
Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1.
09-03-2018 - 15:29 09-03-2018 - 15:29
CVE-2018-7303 3.5
The Calendar component in Tiki 17.1 allows HTML injection.
21-02-2018 - 15:29 21-02-2018 - 15:29
CVE-2018-7188 3.5
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
16-02-2018 - 13:29 16-02-2018 - 13:29
CVE-2016-7394 4.3
tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie.
06-02-2018 - 11:29 06-02-2018 - 11:29
CVE-2017-14925 6.0
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page w
29-09-2017 - 21:29 29-09-2017 - 21:29
CVE-2017-14924 6.0
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki
29-09-2017 - 21:29 29-09-2017 - 21:29
CVE-2017-9145 4.3
TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS.
26-06-2017 - 09:29 26-06-2017 - 09:29
CVE-2017-9305 4.3
lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.
31-05-2017 - 00:29 31-05-2017 - 00:29
CVE-2016-10143 5.0
A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field.
13-03-2017 - 21:59 20-01-2017 - 03:59
CVE-2016-9889 4.3
Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.php and article_image.php. The impact is XSS.
30-12-2016 - 14:42 23-12-2016 - 00:59
CVE-2004-1928 7.5
The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL.
17-10-2016 - 23:03 12-04-2004 - 00:00
CVE-2004-1927 5.0
Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter.
17-10-2016 - 23:03 11-04-2004 - 00:00
CVE-2004-1926 7.5
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Cou
17-10-2016 - 23:03 11-04-2004 - 00:00
CVE-2004-1925 7.5
Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-director
17-10-2016 - 23:03 12-04-2004 - 00:00
CVE-2004-1924 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority param
17-10-2016 - 23:03 11-04-2004 - 00:00
CVE-2004-1923 5.0
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal
17-10-2016 - 23:03 11-04-2004 - 00:00
CVE-2013-4714 4.3
Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
06-11-2013 - 19:51 06-11-2013 - 10:55
CVE-2013-4715 7.5
SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
06-11-2013 - 19:51 06-11-2013 - 10:55
CVE-2012-3996 5.0
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
24-10-2012 - 00:00 12-07-2012 - 15:55
CVE-2012-0911 7.5
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki
24-10-2012 - 00:00 12-07-2012 - 15:55
CVE-2011-4551 4.3
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
24-10-2012 - 00:00 30-09-2012 - 20:55
CVE-2010-1136 7.5
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in
24-10-2012 - 00:00 27-03-2010 - 15:07
CVE-2010-1135 7.5
The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.
24-10-2012 - 00:00 27-03-2010 - 15:07
CVE-2010-1134 7.5
SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable.
24-10-2012 - 00:00 27-03-2010 - 15:07
CVE-2010-1133 7.5
Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php.
24-10-2012 - 00:00 27-03-2010 - 15:07
CVE-2009-1204 4.3
Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpag
24-10-2012 - 00:00 31-03-2009 - 21:30
CVE-2008-5319 5.0
Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653.
24-10-2012 - 00:00 03-12-2008 - 13:30
CVE-2008-5318 5.0
Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653.
24-10-2012 - 00:00 03-12-2008 - 13:30
CVE-2008-3654 5.0
Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.
24-10-2012 - 00:00 12-08-2008 - 21:41
CVE-2008-3653 10.0
Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors.
24-10-2012 - 00:00 12-08-2008 - 21:41
CVE-2008-1047 4.3
Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
24-10-2012 - 00:00 27-02-2008 - 14:44
CVE-2007-6529 10.0
Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php.
24-10-2012 - 00:00 27-12-2007 - 17:46
CVE-2007-6528 5.0
Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter.
24-10-2012 - 00:00 27-12-2007 - 17:46
CVE-2007-6526 4.3
Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.
24-10-2012 - 00:00 27-12-2007 - 17:46
CVE-2007-5684 7.5
Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) e
24-10-2012 - 00:00 26-10-2007 - 14:46
CVE-2007-5683 4.3
Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in
24-10-2012 - 00:00 26-10-2007 - 14:46
CVE-2007-5682 7.5
Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a differe
24-10-2012 - 00:00 26-10-2007 - 14:46
CVE-2007-5423 7.5
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.
24-10-2012 - 00:00 12-10-2007 - 19:17
CVE-2007-4554 4.3
Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-
24-10-2012 - 00:00 27-08-2007 - 20:17
CVE-2006-6457 5.0
tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error me
24-10-2012 - 00:00 11-12-2006 - 12:28
CVE-2006-6168 7.5
tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email."
24-10-2012 - 00:00 28-11-2006 - 21:28
CVE-2006-6163 4.3
Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters.
24-10-2012 - 00:00 28-11-2006 - 20:28
CVE-2006-6162 4.3
Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are o
24-10-2012 - 00:00 28-11-2006 - 20:28
CVE-2006-5703 4.3
Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed,
24-10-2012 - 00:00 03-11-2006 - 20:07
CVE-2006-5702 5.0
Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.ph
24-10-2012 - 00:00 03-11-2006 - 20:07
CVE-2006-4734 7.5
Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters.
24-10-2012 - 00:00 13-09-2006 - 18:07
CVE-2006-4602 7.5
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/
24-10-2012 - 00:00 06-09-2006 - 20:04
CVE-2006-4299 4.3
Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtai
24-10-2012 - 00:00 22-08-2006 - 21:04
CVE-2006-3048 7.5
SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
24-10-2012 - 00:00 16-06-2006 - 06:02
CVE-2006-3047 4.3
Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
24-10-2012 - 00:00 16-06-2006 - 06:02
CVE-2006-2635 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days paramete
24-10-2012 - 00:00 30-05-2006 - 06:02
CVE-2005-3529 5.0
tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability.
24-10-2012 - 00:00 20-11-2005 - 17:03
CVE-2005-3528 4.3
Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter.
24-10-2012 - 00:00 20-11-2005 - 17:03
CVE-2005-3283 4.3
Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
24-10-2012 - 00:00 23-10-2005 - 06:02
CVE-2005-1925 7.5
Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php.
24-10-2012 - 00:00 18-11-2005 - 01:03
CVE-2005-0200 7.5
TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386.
24-10-2012 - 00:00 02-05-2005 - 00:00
CVE-2004-1386 7.5
TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200.
24-10-2012 - 00:00 31-12-2004 - 00:00
CVE-2003-1574 7.5
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party infor
24-10-2012 - 00:00 24-08-2009 - 06:30
CVE-2012-5321 5.8
tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."
09-10-2012 - 00:00 08-10-2012 - 14:55
Back to Top Mark selected
Back to Top