Tiki Security Vulnerabilities


CVE-2011-4454
Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index.
CVSS: 6.1 | AI Score: 6.1 | EPSS: 0.001 | 2019-11-20 07:15 PM


CVE-2011-4455
Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php.
CVSS: 6.1 | AI Score: 6.1 | EPSS: 0.001 | 2019-11-20 07:15 PM


CVE-2011-4558
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
CVSS: 7.2 | AI Score: 7.3 | EPSS: 0.015 | 2020-01-27 03:15 PM


CVE-2018-7302
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.
CVSS: 5.4 | AI Score: 5.8 | EPSS: 0.001 | 2022-10-03 04:21 PM


CVE-2018-7304
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation.
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001 | 2022-10-03 04:21 PM


CVE-2020-15906
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.
CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.009 | 2020-10-22 06:15 PM


CVE-2020-16131
Tiki before 21.2 allows XSS because [\s/"'] is not properly considered in lib/core/TikiFilter/PreventXss.php.
CVSS: 6.1 | AI Score: 5.9 | EPSS: 0.001 | 2020-08-03 05:15 PM


CVE-2023-22850
Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call.
CVSS: 8.8 | AI Score: 8.9 | EPSS: 0.001 | 2023-01-14 02:15 AM


CVE-2023-22851
Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call.
CVSS: 7.2 | AI Score: 7.1 | EPSS: 0.001 | 2023-01-14 02:15 AM


CVE-2023-22852
Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.
CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.001 | 2023-01-14 01:15 AM


CVE-2023-22853
Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval.
CVSS: 8.8 | AI Score: 8.9 | EPSS: 0.001 | 2023-01-14 01:15 AM


CVE-2023-2813
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, Bu...
CVSS: 6.1 | AI Score: 6.1 | EPSS: 0.001 | 2023-09-04 12:15 PM