Tiki Tikiwiki Cms/groupware — known CVE vulnerabilities
Every CVE whose affected-product data names Tiki Tikiwiki Cms/groupware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (74)
CVE-2008-3653 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors.
CVE-2007-6529 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2)…
CVE-2025-34111 — CVSS 9.8 (critical): An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder…
CVE-2012-0911 — CVSS 9.8 (critical): TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object…
CVE-2020-29254 — CVSS 8.8 (high): TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a…
CVE-2018-20719 — CVSS 8.8 (high): In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.
CVE-2017-14925 — CVSS 8.0 (high): Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS…
CVE-2017-14924 — CVSS 8.0 (high): Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS…
CVE-2006-4734 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL…
CVE-2007-5682 — CVSS 7.5 (high): Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code…
CVE-2004-1386 — CVSS 7.5 (high): TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP…
CVE-2004-1925 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL…
CVE-2004-1926 — CVSS 7.5 (high): Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real…
CVE-2004-1928 — CVSS 7.5 (high): The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute…
CVE-2005-0200 — CVSS 7.5 (high): TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to…
CVE-2005-1921 — CVSS 7.5 (high): Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc)…
CVE-2005-1925 — CVSS 7.5 (high): Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands…
CVE-2006-3048 — CVSS 7.5 (high): SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via…
CVE-2006-4602 — CVSS 7.5 (high): Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP…
CVE-2006-6168 — CVSS 7.5 (high): tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a…
CVE-2007-5423 — CVSS 7.5 (high): tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter…
CVE-2003-1574 — CVSS 7.5 (high): TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related…
CVE-2007-5684 — CVSS 7.5 (high): Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files…
CVE-2010-1133 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands…
CVE-2010-1134 — CVSS 7.5 (high): SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to…
CVE-2010-1135 — CVSS 7.5 (high): The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote…
CVE-2010-1136 — CVSS 7.5 (high): The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to…
CVE-2013-4715 — CVSS 7.5 (high): SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1…
CVE-2016-10143 — CVSS 7.5 (high): A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in…
CVE-2020-8966 — CVSS 6.5 (medium): There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki…
CVE-2017-9145 — CVSS 6.1 (medium): TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS.
CVE-2016-9889 — CVSS 6.1 (medium): Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before…
CVE-2013-6022 — CVSS 6.1 (medium): A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a…
CVE-2017-9305 — CVSS 6.1 (medium): lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero…
CVE-2012-5321 — CVSS 5.8 (medium): tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct…
CVE-2018-14850 — CVSS 5.4 (medium): Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator…
CVE-2019-15314 — CVSS 5.4 (medium): tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a…
CVE-2021-36550 — CVSS 5.4 (medium): TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This…
CVE-2021-36551 — CVSS 5.4 (medium): TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability…
CVE-2018-14849 — CVSS 5.4 (medium): Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php.
CVE-2018-7188 — CVSS 5.4 (medium): An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator…
CVE-2008-5319 — CVSS 5.0 (medium): Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than…
CVE-2005-3529 — CVSS 5.0 (medium): tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid…
CVE-2012-3996 — CVSS 5.0 (medium): TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1)…
CVE-2008-5318 — CVSS 5.0 (medium): Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a…
CVE-2008-3654 — CVSS 5.0 (medium): Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.
CVE-2004-1923 — CVSS 5.0 (medium): Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1)…
CVE-2006-5702 — CVSS 5.0 (medium): Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in…
CVE-2007-6528 — CVSS 5.0 (medium): Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a…
CVE-2004-1927 — CVSS 5.0 (medium): Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote…
CVE-2006-6457 — CVSS 5.0 (medium): tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL…
CVE-2005-3528 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject…
CVE-2005-3283 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2006-3047 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web…
CVE-2009-1204 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or…
CVE-2007-5683 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script…
CVE-2007-6526 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web…
CVE-2006-5703 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script…
CVE-2006-6162 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web…
CVE-2006-6163 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary…
CVE-2013-4714 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x…
CVE-2004-1924 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject…
CVE-2011-4551 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote…
CVE-2006-4299 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script…
CVE-2008-1047 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary…