CVE-2004-1928
published 2004-04-12
Priority P337 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.11% (86.2th percentile)
The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tiki | tikiwiki_cms_groupware | <= 1.8.1 | — |
| tiki | tikiwiki_cms_groupware | — | — |
No detection rules found.
Exploit-DB
TikiWiki Project 1.8 - 'img/wiki_up' Arbitrary File Upload
exploitdb·2004-04-12
CVE-2004-1928 TikiWiki Project 1.8 - 'img/wiki_up' Arbitrary File Upload
---
source: https://www.securityfocus.com/bid/10100/info
Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.
http://www.example.com/img/wiki_up/filenamehere
Exploit-DB
TikiWiki < 1.8.1 - Multiple Vulnerabilities
exploitdb·2004-04-11·CVSS 5.0
CVE-2004-1923 [MEDIUM] TikiWiki < 1.8.1 - Multiple Vulnerabilities
TikiWiki Theme
User Profile > Country Field
User Profile > Real Name
User Profile > Displayed time zone
Directory > Add Site > Name
Directory > Add Site > Description
Directory > Add Site > URL
Directory > Add Site > Country
Remote File/Dir Enumeration Via Traversal:
This issue deals with the map feature TikiWiki uses. If you are using a version prior to 1.8 or if you have not enabled the map feature this probably does not affect you. The map feature calls a .map file to display whatever map a user would like to view, but the problem with this is that it allows you to traverse out of the web directory and call files elsewhere on the box. While this does not allow you to say pull up a file for viewing or download, it will allow you to confirm the existence of both files and directories on
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=108180073206947&w=2
http://secunia.com/advisories/11344
http://tikiwiki.org/tiki-read_article.php?articleId=66
http://www.securityfocus.com/bid/10100
https://exchange.xforce.ibmcloud.com/vulnerabilities/15849
Published: 2004-04-12