CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2010-1136
https://notcve.org/view.php?id=CVE-2010-1136
26 Mar 2010 — The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php. El método Standard Remember en TikiWiki CMS/Groupware 3v.x anteriores a v3.5 permite a atacantes remotos saltarse las restriccines de acceso relativas a "persistent login", probablemente a través de la generación de cookies predecibles basadas en ... • http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 86%CPEs: 6EXPL: 5CVE-2005-1921 – PHPXMLRPC < 1.1 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2005-1921
01 Jul 2005 — Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement. • https://www.exploit-db.com/exploits/43829 • CWE-94: Improper Control of Generation of Code ('Code Injection') •