Vulnerabilities > Tiki > Tiki > 6.11

DATE CVE VULNERABILITY TITLE RISK
2023-01-14 CVE-2023-22850 Deserialization of Untrusted Data vulnerability in Tiki
Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call.
network
low complexity
tiki CWE-502
8.8
8.8
2023-01-14 CVE-2023-22851 Unrestricted Upload of File with Dangerous Type vulnerability in Tiki
Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call.
network
low complexity
tiki CWE-434
7.2
7.2
2023-01-14 CVE-2023-22852 Cross-Site Request Forgery (CSRF) vulnerability in Tiki
Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.
network
low complexity
tiki CWE-352
6.5
6.5
2023-01-14 CVE-2023-22853 Code Injection vulnerability in Tiki
Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval.
network
low complexity
tiki CWE-94
8.8
8.8
2020-08-03 CVE-2020-16131 Cross-site Scripting vulnerability in Tiki
Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.
network
low complexity
tiki CWE-79
6.1
6.1
2020-01-27 CVE-2011-4558 Injection vulnerability in Tiki
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
network
low complexity
tiki CWE-74
7.2
7.2
2019-11-20 CVE-2011-4455 Cross-site Scripting vulnerability in Tiki
Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php.
network
low complexity
tiki CWE-79
6.1
6.1
2019-11-20 CVE-2011-4454 Cross-site Scripting vulnerability in Tiki
Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index.
network
low complexity
tiki CWE-79
6.1
6.1