Exploit

EDB-ID: 23951	Author: JeiAr	Published: 2004-04-12
CVE: CVE-2004-1926	Type: Webapps	Platform: PHP
Aliases: N/A	Advisory/Source: Link	Tags: N/A
E-DB Verified:	Exploit: Download / View Raw	Vulnerable App: N/A

« Previous Exploit Next Exploit »

source: http://www.securityfocus.com/bid/10100/info
    
Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.

Directory > Add Site > Name
Directory > Add Site > Description
Directory > Add Site > URL
Directory > Add Site > Country

Related Exploits

Trying to match CVEs (1): CVE-2004-1926
Trying to match OSVDBs (1): 5185
Other Possible E-DB Search Terms: TikiWiki Project 1.8, TikiWiki Project

Date	Title	Author
2004-04-12	TikiWiki Project 1.8 - 'categorize.php' Direct Request Full Path Disclosure	JeiAr
2004-04-12	TikiWiki Project 1.8 - 'img/wiki_up' Arbitrary File Upload	JeiAr
2004-04-12	TikiWiki Project 1.8 - 'messu-mailbox.php' Multiple Parameter Cross-Site Scripting	JeiAr
2004-04-12	TikiWiki Project 1.8 - 'messu-read.php' Multiple Parameter Cross-Site Scripting	JeiAr
2004-04-12	TikiWiki Project 1.8 - 'tiki-browse_categories.php' parentId Parameter Cross-Site Scripting	JeiAr
2004-04-12	TikiWiki Project 1.8 - 'tiki-index.php' comments_threshold Parameter Cross-Site Scripting	JeiAr
2004-04-12	TikiWiki Project 1.8 - 'tiki-list_file_gallery.php' galleryID Parameter Cross-Site Scripting	JeiAr
2004-04-12	TikiWiki Project 1.8 - 'tiki-list_file_gallery.php' sort_mode Parameter SQL Injection	JeiAr
2004-04-12	TikiWiki Project 1.8 - 'tiki-map.phtml' Traversal Arbitrary File / Directory Enumeration	JeiAr
2004-04-12	TikiWiki Project 1.8 - 'tiki-print_article.php' articleId Parameter Cross-Site Scripting	JeiAr
2004-04-12	TikiWiki Project 1.8 - 'tiki-read_article.php' articleId Parameter Cross-Site Scripting	JeiAr
2004-04-12	TikiWiki Project 1.8 - 'tiki-switch_theme.php' theme Parameter Cross-Site Scripting	JeiAr
2004-04-12	TikiWiki Project 1.8 - 'tiki-upload_file.php' galleryID Parameter Cross-Site Scripting	JeiAr
2004-04-12	TikiWiki Project 1.8 - 'tiki-usermenu.php' sort_mode Parameter SQL Injection	JeiAr
2004-04-12	TikiWiki Project 1.8 - 'tiki-view_chart.php' chartId Parameter Cross-Site Scripting	JeiAr
2004-04-12	TikiWiki Project 1.8 - 'tiki-view_faq.php' faqId Parameter Cross-Site Scripting	JeiAr
2004-04-12	TikiWiki Project 1.8 - tiki-browse_categories.php sort_mode Parameter SQL Injection	JeiAr
2004-04-12	TikiWiki Project 1.8 - tiki-directory_ranking.php sort_mode Parameter SQL Injection	JeiAr
2004-04-12	TikiWiki Project 1.8 - tiki-directory_search.php sort_mode Parameter SQL Injection	JeiAr
2004-04-12	TikiWiki Project 1.8 - tiki-file_galleries.php sort_mode Parameter SQL Injection	JeiAr
2004-04-12	TikiWiki Project 1.8 - tiki-index.php comments_offset & offset Parameter SQL Injections	JeiAr
2004-04-12	TikiWiki Project 1.8 - tiki-list_blogs.php offset Parameter SQL Injection	JeiAr
2004-04-12	TikiWiki Project 1.8 - tiki-list_blogs.php sort_mode Parameter SQL Injection	JeiAr
2004-04-12	TikiWiki Project 1.8 - tiki-list_faqs.php offset Parameter SQL Injection	JeiAr
2004-04-12	TikiWiki Project 1.8 - tiki-list_faqs.php sort_mode Parameter SQL Injection	JeiAr

TikiWiki Project 1.8 - Add Site Multiple Options Remote Code Injection

Related Exploits