Filtered by vendor Tiki
Subscribe
Total
91 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3529 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | 5.0 MEDIUM | N/A |
| tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability. | |||||
| CVE-2006-4734 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters. | |||||
| CVE-2006-3048 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2005-1925 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php. | |||||
| CVE-2004-1928 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | 7.5 HIGH | N/A |
| The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL. | |||||
| CVE-2004-1926 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | 7.5 HIGH | N/A |
| Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation. | |||||
| CVE-2005-0200 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | 7.5 HIGH | N/A |
| TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386. | |||||
| CVE-2005-3283 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2004-1923 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | 5.0 MEDIUM | N/A |
| Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message. | |||||
| CVE-2004-1927 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter. | |||||
| CVE-2024-46879 | 1 Tiki | 1 Tiki | 2026-04-02 | N/A | 5.4 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in the POST request data zipPath of tiki-admin_system.php in Tiki version 21.2. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions. | |||||
| CVE-2024-46878 | 1 Tiki | 1 Tiki | 2026-04-02 | N/A | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions. | |||||
| CVE-2025-34111 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-10-03 | N/A | 9.8 CRITICAL |
| An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows remote attackers to upload and execute malicious PHP scripts in the context of the web server. The vulnerable component does not enforce file type validation, allowing attackers to craft a POST request to upload executable PHP payloads through the ELFinder interface exposed at /vendor_extra/elfinder/. | |||||
| CVE-2024-51508 | 1 Tiki | 1 Tiki | 2025-06-03 | N/A | 4.8 MEDIUM |
| Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index. | |||||
| CVE-2024-51509 | 1 Tiki | 1 Tiki | 2025-06-03 | N/A | 4.8 MEDIUM |
| Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name. | |||||
| CVE-2024-51507 | 1 Tiki | 1 Tiki | 2025-06-03 | N/A | 4.8 MEDIUM |
| Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name. | |||||
| CVE-2024-51506 | 1 Tiki | 1 Tiki | 2025-06-03 | N/A | 4.8 MEDIUM |
| Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description. | |||||
| CVE-2017-14924 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php. | |||||
| CVE-2017-9305 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php. | |||||
| CVE-2016-10143 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field. | |||||