CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 2CVE-2011-4558 – Tiki Wiki CMS Groupware 8.2 - 'snarf_ajax.php' Remote PHP Code Injection
https://notcve.org/view.php?id=CVE-2011-4558
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. Tiki versión 8.2 y anteriores, permiten a administradores remotos ejecutar código PHP arbitrario por medio de una entrada diseñada a los parámetros regexres y regex. Tiki Wiki CMS Groupware versions 8.2 and below suffer from a remote PHP code injection vulnerability in snarf_ajax.php. • https://www.exploit-db.com/exploits/18265 https://packetstormsecurity.com/files/108111/Tiki-Wiki-CMS-Groupware-8.2-Code-Injection.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2011-4454 – Tiki Wiki CMS Groupware Cross Site Scripting
https://notcve.org/view.php?id=CVE-2011-4454
Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index. Múltiples vulnerabilidades de tipo cross-site scripting en Tiki versión 8.0 RC1 y anteriores, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de la información de ruta en el archivo (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki- login_scr.php, o (4) tiki-index. Tiki Wiki CMS Groupware suffers from multiple cross site scripting vulnerabilities. Versions 7.2 and 8.0 RC1 are affected. • https://packetstormsecurity.com/files/107082/Tiki-Wiki-CMS-Groupware-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2011-4455 – Tiki Wiki CMS Groupware Cross Site Scripting
https://notcve.org/view.php?id=CVE-2011-4455
Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php. Múltiples vulnerabilidades de tipo cross-site scripting en Tiki versiones 7.2 y anteriores, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de la información de ruta en el archivo (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage .php, o (4) tiki-rename_page.php. Tiki Wiki CMS Groupware suffers from multiple cross site scripting vulnerabilities. Versions 7.2 and 8.0 RC1 are affected. • https://packetstormsecurity.com/files/107082/Tiki-Wiki-CMS-Groupware-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •