← back
CVE-2004-1926

CVE-2004-1926

EPSS 7.5%
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation.
Affected products
n/a · n/a
public PoCs found3
exploitdbwww.exploit-db.com/exploits/43809unverifiedexploitdbwww.exploit-db.com/exploits/23951unverifiedexploitdbwww.exploit-db.com/exploits/23950unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=108180073206947&w=2http://secunia.com/advisories/11344http://tikiwiki.org/tiki-read_article.php?articleId=66http://www.securityfocus.com/bid/10100