Vulnerabilities > Tiki > Tikiwiki CMS Groupware > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-10-28 | CVE-2010-4239 | Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware 5.2 | Tiki Wiki CMS Groupware 5.2 has Local File Inclusion. | 7.5 |
2013-11-06 | CVE-2013-4715 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware | SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-03-27 | CVE-2010-1136 | Permissions, Privileges, and Access Controls vulnerability in Tiki Tikiwiki Cms/Groupware | The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php. | 7.5 |
2010-03-27 | CVE-2010-1135 | Credentials Management vulnerability in Tiki Tikiwiki Cms/Groupware 4.0/4.1 | The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse. | 7.5 |
2010-03-27 | CVE-2010-1134 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware | SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable. | 7.5 |
2010-03-27 | CVE-2010-1133 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware 4.0/4.1 | Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php. | 7.5 |
2009-08-24 | CVE-2003-1574 | Improper Authentication vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 | TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. | 7.5 |
2007-10-26 | CVE-2007-5684 | Path Traversal vulnerability in Tiki Tikiwiki Cms/Groupware | Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language parameter to tiki-imexport_languages.php. | 7.5 |
2007-10-26 | CVE-2007-5682 | Permissions, Privileges, and Access Controls vulnerability in Tiki Tikiwiki Cms/Groupware | Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423. | 7.5 |
2007-10-12 | CVE-2007-5423 | Code Injection vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.8 | tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function. | 7.5 |