
CVE-2010-1134
https://notcve.org/view.php?id=CVE-2010-1134
26 Mar 2010 — SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable. • http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2010-1135
https://notcve.org/view.php?id=CVE-2010-1135
26 Mar 2010 — The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse. • http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases • CWE-255: Credentials Management Errors

CVE-2010-1136
https://notcve.org/view.php?id=CVE-2010-1136
26 Mar 2010 — The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php. • http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases • CWE-264: Permissions, Privileges, and Access Controls

CVE-2003-1574
https://notcve.org/view.php?id=CVE-2003-1574
24 Aug 2009 — TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information. • http://sourceforge.net/tracker/index.php?func=detail&aid=748739&group_id=64258&atid=506846 • CWE-287: Improper Authentication

CVE-2009-1204 – TikiWiki 2.2/3.0 - 'tiki-galleries.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1204
01 Apr 2009 — Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php. • https://www.exploit-db.com/exploits/32852 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-5318
https://notcve.org/view.php?id=CVE-2008-5318
03 Dec 2008 — Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653. • http://info.tikiwiki.org/tiki-read_article.php?articleId=41

CVE-2008-5319
https://notcve.org/view.php?id=CVE-2008-5319
03 Dec 2008 — Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653. • http://info.tikiwiki.org/tiki-read_article.php?articleId=41

CVE-2008-3653
https://notcve.org/view.php?id=CVE-2008-3653
13 Aug 2008 — Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors. • http://info.tikiwiki.org/tiki-read_article.php?articleId=35

CVE-2008-3654
https://notcve.org/view.php?id=CVE-2008-3654
13 Aug 2008 — Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors. • http://info.tikiwiki.org/tiki-read_article.php?articleId=35

CVE-2008-1047
https://notcve.org/view.php?id=CVE-2008-1047
27 Feb 2008 — Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1498 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')