Vulnerabilities > Tiki > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-14 | CVE-2023-22850 | Deserialization of Untrusted Data vulnerability in Tiki: Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call. | 8.8 |
2023-01-14 | CVE-2023-22851 | Unrestricted Upload of File with Dangerous Type vulnerability in Tiki: Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call. | 7.2 |
2023-01-14 | CVE-2023-22853 | Code Injection vulnerability in Tiki: Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval. | 8.8 |
2020-10-22 | CVE-2020-15906 | Improper Restriction of Excessive Authentication Attempts vulnerability in Tiki: tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. | 7.5 |
2019-10-28 | CVE-2010-4239 | Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware 5.2: Tiki Wiki CMS Groupware 5.2 has Local File Inclusion. | 7.5 |
2013-11-06 | CVE-2013-4715 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware: SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-03-27 | CVE-2010-1136 | Permissions, Privileges, and Access Controls vulnerability in Tiki Tikiwiki Cms/Groupware: The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php. | 7.5 |
2010-03-27 | CVE-2010-1135 | Credentials Management vulnerability in Tiki Tikiwiki Cms/Groupware 4.0/4.1: The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse. | 7.5 |
2010-03-27 | CVE-2010-1134 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware: SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable. | 7.5 |
2010-03-27 | CVE-2010-1133 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware 4.0/4.1: Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php. | 7.5 |