Tiki Wiki CMS Groupware Unspecified SQL Injection and Cross Site Scripting Vulnerabilities

Tiki Wiki CMS Groupware is prone to unspecified SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following versions are vulnerable:

Tiki Wiki CMS Groupware prior to 11.1
Tiki Wiki CMS Groupware prior to 10.4
Tiki Wiki CMS Groupware prior to 9.7LTS
Tiki Wiki CMS Groupware prior to 6.13LTS


 

Privacy Statement
Copyright 2010, SecurityFocus