Vulnerabilities > Tiki > Tikiwiki CMS Groupware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-03-27 | CVE-2010-1135 | Credentials Management vulnerability in Tiki Tikiwiki Cms/Groupware 4.0/4.1 The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse. | 7.5 |
| 2010-03-27 | CVE-2010-1134 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable. | 7.5 |
| 2010-03-27 | CVE-2010-1133 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware 4.0/4.1 Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php. | 7.5 |
| 2009-08-24 | CVE-2003-1574 | Improper Authentication vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. | 7.5 |
| 2009-04-01 | CVE-2009-1204 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 2.2 Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php. | 4.3 |
| 2008-12-03 | CVE-2008-5319 | Multiple Unspecified vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653. | 5.0 |
| 2008-12-03 | CVE-2008-5318 | Multiple Unspecified vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653. | 5.0 |
| 2008-08-13 | CVE-2008-3654 | Remote Security vulnerability in TikiWiki Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors. | 5.0 |
| 2008-08-13 | CVE-2008-3653 | Remote Security vulnerability in TikiWiki Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors. | 10.0 |
| 2008-02-27 | CVE-2008-1047 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |