Описание
Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- Vendor Advisory
- Exploit
- PatchVendor Advisory
- Vendor Advisory
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:4.0:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:4.1:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00706
Низкий
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
debian
почти 16 лет назад
Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x b ...
github
почти 4 года назад
Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php.
EPSS
Процентиль: 72%
0.00706
Низкий
7.5 High
CVSS2
Дефекты
CWE-89