Page 2 of 7 results (0.005 seconds)

CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 2

Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. Tiki versión 8.2 y anteriores, permiten a administradores remotos ejecutar código PHP arbitrario por medio de una entrada diseñada a los parámetros regexres y regex. Tiki Wiki CMS Groupware versions 8.2 and below suffer from a remote PHP code injection vulnerability in snarf_ajax.php. • https://www.exploit-db.com/exploits/18265 https://packetstormsecurity.com/files/108111/Tiki-Wiki-CMS-Groupware-8.2-Code-Injection.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1

Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index. Múltiples vulnerabilidades de tipo cross-site scripting en Tiki versión 8.0 RC1 y anteriores, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de la información de ruta en el archivo (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki- login_scr.php, o (4) tiki-index. Tiki Wiki CMS Groupware suffers from multiple cross site scripting vulnerabilities. Versions 7.2 and 8.0 RC1 are affected. • https://packetstormsecurity.com/files/107082/Tiki-Wiki-CMS-Groupware-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •