CVE-2010-1134
https://notcve.org/view.php?id=CVE-2010-1134
SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable. Vulnerabilidad de inyección SQL en la función _find en searchlib.php en TikiWiki CMS/Groupware v3.x anteriores a v3.5 , permite a atacantes remotos ejecutar comandos SQL de su elección a través de la variable $searchDate • http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases http://osvdb.org/62800 http://secunia.com/advisories/38882 http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25429 http://www.securityfocus.com/bid/38608 https://exchange.xforce.ibmcloud.com/vulnerabilities/56769 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2005-1921 – PHPXMLRPC < 1.1 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2005-1921
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement. • https://www.exploit-db.com/exploits/43829 https://www.exploit-db.com/exploits/16882 https://www.exploit-db.com/exploits/1078 https://www.exploit-db.com/exploits/1083 https://www.exploit-db.com/exploits/1084 http://marc.info/?l=bugtraq&m=112008638320145&w=2 http://marc.info/?l=bugtraq&m=112015336720867&w=2 http://marc.info/?l=bugtraq&m=112605112027335&w=2 http://pear.php.net/package/XML_RPC/download/1.3.1 http://secunia.com/advisories/15810 http: • CWE-94: Improper Control of Generation of Code ('Code Injection') •