Exploit Database - Logo

TikiWiki Project 1.8 - Add Site Multiple Options Remote Code Injections

EDB-ID: 23951 Author: JeiAr Published: 2004-04-12
CVE: CVE-2004-1926 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/10100/info
    
Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.

Directory > Add Site > Name
Directory > Add Site > Description
Directory > Add Site > URL
Directory > Add Site > Country
« Previous Exploit Next Exploit »

Related Exploits

Trying to match CVEs (1): CVE-2004-1926
Trying to match OSVDBs (1): 5185
Other Possible E-DB Search Terms: TikiWiki Project 1.8,  TikiWiki Project
Date D V Title Author
2004-04-11 Waiting verification TikiWiki < 1.8.1 - Multiple VulnerabilitiesGulfTech Se...
2004-04-12 Verified TikiWiki Project 1.8 - 'categorize.php' Direct Request Full Path DisclosureJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'img/wiki_up' Arbitrary File UploadJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'messu-mailbox.php' Multiple Cross-Site Scripting VulnerabilitiesJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'messu-read.php' Multiple Cross-Site Scripting VulnerabilitiesJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-browse_categories.php?parentId' Cross-Site ScriptingJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-browse_categories.php?sort_mode' SQL InjectionJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-directory_ranking.php?sort_mode' SQL InjectionJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-directory_search.php?sort_mode' SQL InjectionJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-file_galleries.php?sort_mode' SQL InjectionJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-index.php?comments_offset & offset' SQL InjectionsJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-index.php?comments_threshold' Cross-Site ScriptingJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-list_blogs.php?offset' SQL InjectionJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-list_blogs.php?sort_mode' SQL InjectionJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-list_faqs.php?offset' SQL InjectionJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-list_faqs.php?sort_mode' SQL InjectionJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-list_file_gallery.php?galleryID' Cross-Site ScriptingJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-list_file_gallery.php?sort_mode' SQL InjectionJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-list_trackers.php?offset' SQL InjectionJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-list_trackers.php?sort_mode' SQL InjectionJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-map.phtml' Traversal Arbitrary File / Directory EnumerationJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-print_article.php?articleId' Cross-Site ScriptingJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-read_article.php?articleId' Cross-Site ScriptingJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-switch_theme.php?theme' Cross-Site ScriptingJeiAr
2004-04-12 Verified TikiWiki Project 1.8 - 'tiki-upload_file.php?galleryID' Cross-Site ScriptingJeiAr
Menu