Vulnerabilities > Tiki > High

DATE | CVE | VULNERABILITY TITLE (description on the next line; then attack vector, attack complexity, vendor, CWE and RISK score)
2023-01-14 | CVE-2023-22850 | Deserialization of Untrusted Data vulnerability in Tiki
  Tiki before 24.1, when the Spreadsheets feature is enabled, allows PHP Object Injection in lib/sheet/grid.php because of an unserialize call on attacker-controlled data.
  Attack vector: network | Attack complexity: low | Vendor: tiki | Weakness: CWE-502 | Risk: 8.8
2023-01-14 | CVE-2023-22851 | Unrestricted Upload of File with Dangerous Type vulnerability in Tiki
  Tiki before 24.2 allows PHP Object Injection in lib/importer/tikiimporter_blog_wordpress.php by an admin because of an unserialize call. (The description is the same unserialize-based flaw as CVE-2023-22850, i.e. deserialization of untrusted data, CWE-502, even though the listed weakness is CWE-434; the lower score reflects that the call is only reachable by an administrator.)
  Attack vector: network | Attack complexity: low | Vendor: tiki | Weakness: CWE-434 | Risk: 7.2
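What "PHP Object Injection because of an unserialize call" means in practice, for both CVE-2023-22850 and CVE-2023-22851, as an added example that is not Tiki's code: a gadget class whose destructor has a side effect, a hand-written payload in PHP's serialization format, the vulnerable default unserialize() call, and the hardened call that refuses to instantiate classes. The CacheEntry class, the payload and the temp-file path are constructed for this illustration (PHP 8.0 or later).

```php
<?php
// Added example, not Tiki code. Demonstrates PHP Object Injection through
// unserialize() and the allowed_classes fix. CacheEntry, the payload and the
// temp file are constructed for illustration.
declare(strict_types=1);

// A "gadget": any class already loaded by the application whose magic method
// does something useful to an attacker. Here __destruct() writes a file.
class CacheEntry
{
    public string $path = '';
    public string $content = '';

    public function __destruct()
    {
        // Runs automatically when the object is released, i.e. as soon as the
        // caller drops the value unserialize() returned. Nothing calls it.
        if ($this->path !== '') {
            file_put_contents($this->path, $this->content);
        }
    }
}

// Payload written by hand in PHP's serialization format; an attacker never
// needs serialize(), the format is plain text. "CacheEntry" is 10 bytes.
$target  = sys_get_temp_dir() . '/poi_' . bin2hex(random_bytes(4)) . '.txt';
$content = "written by CacheEntry::__destruct\n";
$payload = sprintf(
    'O:10:"CacheEntry":2:{s:4:"path";s:%d:"%s";s:7:"content";s:%d:"%s";}',
    strlen($target), $target, strlen($content), $content
);

// Vulnerable: default unserialize() instantiates whatever class the input
// names and wires up its magic methods.
function loadVulnerable(string $data): mixed
{
    return unserialize($data);
}

// Hardened: never instantiate classes from input. Any object in the data
// becomes __PHP_Incomplete_Class, whose magic methods never run; we also
// refuse that placeholder so callers cannot misuse it downstream.
function loadHardened(string $data): mixed
{
    $value = unserialize($data, ['allowed_classes' => false, 'max_depth' => 32]);
    if ($value instanceof __PHP_Incomplete_Class) {
        throw new InvalidArgumentException('serialized objects are not accepted');
    }
    return $value;
}

$obj = loadVulnerable($payload);
unset($obj);                                   // refcount hits zero -> __destruct()
printf("vulnerable: file written? %s\n", file_exists($target) ? 'yes' : 'no');
@unlink($target);

try {
    loadHardened($payload);
} catch (InvalidArgumentException $e) {
    echo "hardened: {$e->getMessage()}\n";
}
printf("hardened:   file written? %s\n", file_exists($target) ? 'yes' : 'no');
```

Run it once and the vulnerable path reports the file as written while the hardened path does not. `__destruct`, `__wakeup` and `__toString` are the usual entry points for such gadgets, and a real chain is built from classes the application already ships. If the feature only needs to round-trip arrays and scalars, `json_encode`/`json_decode` removes the problem entirely; where specific classes genuinely must be restored, pass their names as the `allowed_classes` array rather than `true`.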
2023-01-14 | CVE-2023-22853 | Code Injection vulnerability in Tiki
  Tiki before 24.1, when feature_create_webhelp is enabled, allows PHP Object Injection in lib/structures/structlib.php because of an eval call.
  Attack vector: network | Attack complexity: low | Vendor: tiki | Weakness: CWE-94 | Risk: 8.8
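The pattern behind "because of an eval", as an added example that is not Tiki's code: request data is spliced into a string of PHP source and handed to eval(), so the value is parsed and executed rather than treated as data. The option name, the inputs and the benign stand-in payload (it sets a flag instead of running a command, but the mechanism is the same) are constructed for this illustration.

```php
<?php
// Added example, not Tiki code. Shows code injection through eval() on
// generated PHP that embeds a request value, and a replacement that never
// hands request data to the parser. Names and inputs are constructed.
declare(strict_types=1);

// Vulnerable: build PHP source around a request value and execute it.
// Whatever the value contains becomes part of the program.
function readDepthVulnerable(string $depthFromRequest): int
{
    $code = 'return (int) ' . $depthFromRequest . ';';
    return eval($code);
}

// Hardened: validate the value as data and return it; no parser involved.
function readDepthHardened(string $depthFromRequest): int
{
    $depth = filter_var($depthFromRequest, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 20]]);
    if ($depth === false) {
        throw new InvalidArgumentException('depth must be an integer from 0 to 20');
    }
    return $depth;
}

// Stand-in for an attacker's value: it observably runs code (sets a flag)
// while still evaluating to a plausible number, so the caller notices nothing.
$GLOBALS['injected'] = false;
$attackerValue = '($GLOBALS["injected"] = true) ? 3 : 0';

$depth = readDepthVulnerable($attackerValue);
printf("vulnerable: depth=%d injected=%s\n", $depth, var_export($GLOBALS['injected'], true));

$GLOBALS['injected'] = false;
try {
    readDepthHardened($attackerValue);
} catch (InvalidArgumentException $e) {
    echo "hardened:   {$e->getMessage()}\n";
}
printf("hardened:   injected=%s\n", var_export($GLOBALS['injected'], true));
printf("hardened:   depth=%d for a legitimate value\n", readDepthHardened('3'));
```

The vulnerable call returns 3 and sets the flag; the hardened call rejects the value without executing anything. When generated code is unavoidable (templates, cached includes), the rule is that request data may only ever reach it through `var_export()` or an equivalent literal encoder, never through string concatenation.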
2020-12-11 | CVE-2020-29254 | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tikiwiki Cms/Groupware 21.2
  TikiWiki 21.2 allows templates to be edited without CSRF protection, so a logged-in user who visits an attacker's page can have template edits submitted in their name.
  Attack vector: network | Attack complexity: low | Vendor: tiki | Weakness: CWE-352 | Risk: 8.8
2020-01-27 | CVE-2011-4558 | Injection vulnerability in Tiki
  Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
  Attack vector: network | Attack complexity: low | Vendor: tiki | Weakness: CWE-74 | Risk: 7.2
2019-10-28 | CVE-2010-4241 | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tikiwiki Cms/Groupware 5.2
  Tiki Wiki CMS Groupware 5.2 contains a cross-site request forgery (CSRF) vulnerability.
  Attack vector: network | Attack complexity: low | Vendor: tiki | Weakness: CWE-352 | Risk: 8.8
2019-01-15 | CVE-2018-20719 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware
  In Tiki before 17.2, the user task component is vulnerable to SQL Injection via the tiki-user_tasks.php show_history parameter.
  Attack vector: network | Attack complexity: low | Vendor: tiki | Weakness: CWE-89 | Risk: 8.8
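How a parameter like show_history turns into SQL injection, and the fix, as an added example that is not Tiki's code: a history lookup that splices the request value into the query text beside a prepared-statement version that validates the type and binds the value. The task_history table, its rows and the user/task ids are constructed for this illustration; it uses an in-memory SQLite database, so the pdo_sqlite extension must be available.

```php
<?php
// Added example, not Tiki code. Vulnerable string-built query versus a
// validated, parameterised one. Table, rows and ids are constructed;
// requires the pdo_sqlite extension.
declare(strict_types=1);

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE task_history (task_id INTEGER, user_id INTEGER, note TEXT)');
$db->exec("INSERT INTO task_history VALUES (7, 1, 'alice: draft'), (8, 2, 'bob: private')");

// Vulnerable: the request parameter becomes part of the SQL text. A value of
// "7 OR 1=1" rewrites the WHERE clause and returns every user's history.
function historyVulnerable(PDO $db, int $userId, string $showHistory): array
{
    $sql = "SELECT note FROM task_history WHERE user_id = $userId AND task_id = $showHistory";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: check the type first, then bind. The SQL text is fixed, so the
// parameter can only ever be compared as a value, never parsed as syntax.
function historyHardened(PDO $db, int $userId, string $showHistory): array
{
    $taskId = filter_var($showHistory, FILTER_VALIDATE_INT);
    if ($taskId === false) {
        throw new InvalidArgumentException('show_history must be an integer task id');
    }
    $stmt = $db->prepare('SELECT note FROM task_history WHERE user_id = ? AND task_id = ?');
    $stmt->execute([$userId, $taskId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$hostile = '7 OR 1=1';
echo "vulnerable: ", implode(' | ', historyVulnerable($db, 1, $hostile)), "\n"; // both rows
try {
    historyHardened($db, 1, $hostile);
} catch (InvalidArgumentException $e) {
    echo "hardened:   {$e->getMessage()}\n";
}
echo "hardened:   ", implode(' | ', historyHardened($db, 1, '7')), "\n";        // alice's row only
```

The integer check is not what prevents the injection, binding is; it exists so that a malformed value produces a clear error instead of a silently empty result, and so that the query plan is not polluted by strings where the column is numeric.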
2018-02-21 | CVE-2018-7304 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Tiki 17.1
  Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation.
  Attack vector: network | Attack complexity: low | Vendor: tiki | Weakness: CWE-1236 | Risk: 8.8
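A CSV export that neutralises formula cells of the `=cmd|' /C calc'!A0` kind before a spreadsheet opens them, as an added example that is not Tiki's code. The user records are constructed. It goes slightly beyond the advisory: it also covers the other formula-leading characters spreadsheets honour (`+`, `-`, `@`, tab, carriage return), skips genuine numbers so the export stays usable, and quotes every cell so embedded separators cannot split a row.

```php
<?php
// Added example, not Tiki code. CSV export with formula neutralisation.
// The user rows are constructed.
declare(strict_types=1);

// Quote one cell for CSV. If a spreadsheet would read the cell as a formula,
// prefix an apostrophe so it is displayed as text instead. Values that are
// plain numbers ("-5") are left alone.
function csvSafeCell(string $value): string
{
    $formulaStarts = ['=', '+', '-', '@', "\t", "\r"];
    // Spreadsheets ignore leading spaces, so look at the first non-space byte.
    $first = substr(ltrim($value, ' '), 0, 1);
    if ($first !== '' && in_array($first, $formulaStarts, true) && !is_numeric($value)) {
        $value = "'" . $value;
    }
    // Always quote; double any embedded quotes (RFC 4180 style).
    return '"' . str_replace('"', '""', $value) . '"';
}

// Render rows as CRLF-terminated CSV. Every cell passes through csvSafeCell().
function csvExport(array $rows): string
{
    $lines = [];
    foreach ($rows as $row) {
        $lines[] = implode(',', array_map('csvSafeCell', array_map('strval', $row)));
    }
    return implode("\r\n", $lines) . "\r\n";
}

// Constructed sample: a normal user, and one whose fields carry payloads of
// the kind submitted through a user-creation form.
$rows = [
    ['login', 'real_name', 'balance'],
    ['alice', 'Alice Example', '-5'],
    ["=cmd|' /C calc'!A0", '@SUM(1+1)', '-2+3'],
];
echo csvExport($rows);
```

The third line of the output becomes `"'=cmd|' /C calc'!A0","'@SUM(1+1)","'-2+3"`, while `"-5"` on the second line is untouched. Note that PHP's built-in `fputcsv()` only handles quoting and separators; it does nothing about formula characters, so the apostrophe step has to be applied before the value reaches it. The visible apostrophe is the accepted cost of this defence; the alternative of stripping the characters changes user data and still leaves `|` and `!` available for DDE-style payloads if any formula prefix slips through.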
2017-09-30 | CVE-2017-14925 | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tikiwiki Cms/Groupware
  Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php.
  Attack vector: network | Attack complexity: low | Vendor: tiki | Weakness: CWE-352 | Risk: 8.0
2017-09-30 | CVE-2017-14924 | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tikiwiki Cms/Groupware
  Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php.
  Attack vector: network | Attack complexity: low | Vendor: tiki | Weakness: CWE-352 | Risk: 8.0
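A CSRF guard for the state-changing actions named in the four CSRF entries above (template editing in CVE-2020-29254, permission changes and user assignment in CVE-2017-14925 and CVE-2017-14924, and the unspecified action of CVE-2010-4241), as an added example that is not Tiki's code. It covers the IMG-element variant specifically: an `<img src="...">` stored in a wiki page makes the administrator's browser issue a GET with their cookies as soon as the page is viewed, with no click at all. The session store, the simulated request shape and the `ticket` parameter name are assumptions of this example.

```php
<?php
// Added example, not Tiki code. Per-session CSRF ticket plus a POST-only rule
// for state changes; the session array, request arrays and the "ticket"
// parameter name are assumptions of this example.
declare(strict_types=1);

// Issue one unguessable token per session; embed it in every form that
// changes state (template edit, user assignment, permission change).
function issueTicket(array &$session): string
{
    if (!isset($session['csrf_ticket']) || !is_string($session['csrf_ticket'])) {
        $session['csrf_ticket'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_ticket'];
}

// Decide whether a request may change state. Returns true, or false with the
// reason in $why.
function stateChangeAllowed(array $session, string $method, array $post, array $headers, ?string &$why = null): bool
{
    // 1. GET must never change state. An IMG tag, a prefetch or a plain link
    //    issues a GET on the victim's behalf with no interaction; this rule
    //    alone defeats the IMG-element attack, and it works even when the
    //    IMG lives on the same site (SameSite cookies do not help there).
    if ($method !== 'POST') {
        $why = 'state-changing request must use POST';
        return false;
    }
    // 2. The ticket must be present and equal; hash_equals() is constant-time.
    $expected = $session['csrf_ticket'] ?? '';
    $given = $post['ticket'] ?? '';
    if (!is_string($expected) || $expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        $why = 'missing or invalid CSRF ticket';
        return false;
    }
    // 3. Defence in depth: browsers that send Sec-Fetch-Site let us refuse a
    //    cross-site submission even if a ticket ever leaks. Missing header
    //    (older browsers) is treated as same-origin so they keep working.
    $site = strtolower($headers['Sec-Fetch-Site'] ?? 'same-origin');
    if (!in_array($site, ['same-origin', 'none'], true)) {
        $why = "cross-site request refused (Sec-Fetch-Site: $site)";
        return false;
    }
    $why = null;
    return true;
}

$session = [];
$ticket = issueTicket($session);

// Constructed requests: [method, POST body, request headers]
$cases = [
    'IMG element on a wiki page'     => ['GET',  [],                                   ['Sec-Fetch-Site' => 'same-origin']],
    'leaked ticket used cross-site'  => ['POST', ['ticket' => $ticket],                ['Sec-Fetch-Site' => 'cross-site']],
    'guessed ticket'                 => ['POST', ['ticket' => str_repeat('0', 64)],    ['Sec-Fetch-Site' => 'same-origin']],
    'legitimate admin form'          => ['POST', ['ticket' => $ticket],                ['Sec-Fetch-Site' => 'same-origin']],
];
foreach ($cases as $label => [$method, $post, $headers]) {
    $ok = stateChangeAllowed($session, $method, $post, $headers, $why);
    printf("%-32s %s%s\n", $label, $ok ? 'allowed' : 'refused', $ok ? '' : " ($why)");
}
```

Only the last case is allowed. Two points worth noting for the IMG-element entries: the forged request there is same-origin (the IMG is stored in a wiki page on the Tiki site itself), so neither a `SameSite` session cookie nor the `Sec-Fetch-Site` check would have stopped it; the POST-only rule and the ticket are what matter. Setting `SameSite=Lax` on the session cookie is still worth doing for the ordinary external-page case, but it is a complement to the ticket, not a replacement.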