CVE-2004-1925

Tiki CMS/Groupware < 1.8.1 - SQL Injection via sort_mode or offset Parameter

Exploitation Summary

EIP tracks 16 public exploits for CVE-2004-1925. PoCs published by JeiAr.

AI-analyzed exploit summary

The provided text describes multiple vulnerabilities in TikiWiki, including SQL injection via the 'taskId' and 'offset' parameters in 'tiki-user_tasks.php'. It references a known CVE but lacks actual exploit code.

Description

Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php.

Exploits (16)

exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23972

The provided text describes multiple vulnerabilities in TikiWiki, including SQL injection via the 'taskId' and 'offset' parameters in 'tiki-user_tasks.php'. It references a known CVE but lacks actual exploit code.

Classification: Writeup 80%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki (version not specified)
No auth needed
Prerequisites: Access to the vulnerable TikiWiki instance
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23963

The provided text describes multiple vulnerabilities in TikiWiki, including SQL injection via the 'sort_mode' parameter in tiki-usermenu.php. However, no functional exploit code is included.

Classification: Writeup 80%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki (version not specified)
No auth needed
Prerequisites: Access to the vulnerable TikiWiki instance
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23978

The provided text describes multiple vulnerabilities in TikiWiki, including SQL injection via the 'offset' parameter in tiki-usermenu.php. It lacks executable exploit code but references a known CVE.

Classification: Writeup 80%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki (version not specified)
No auth needed
Prerequisites: Access to the vulnerable TikiWiki instance
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23976

The provided text describes multiple vulnerabilities in TikiWiki, including SQL injection via the 'sort_mode' parameter in 'tiki-list_trackers.php'. It lacks executable exploit code but outlines attack vectors.

Classification: Writeup 80%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki (version not specified)
No auth needed
Prerequisites: Access to the vulnerable TikiWiki instance
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23983

The provided text describes multiple vulnerabilities in TikiWiki CMS, including SQL injection via the 'offset' and 'sort_mode' parameters in 'tiki-list_trackers.php'. No actual exploit code is present, only parameter descriptions.

Classification: Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki CMS (version not specified)
No auth needed
Prerequisites: Access to the vulnerable TikiWiki instance
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23964

The provided text describes multiple vulnerabilities in TikiWiki, including SQL injection via the 'sort_mode' parameter in 'tiki-list_file_gallery.php'. No actual exploit code is present, only a description of the vulnerability.

Classification: Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki (version not specified)
No auth needed
Prerequisites: Access to the vulnerable TikiWiki instance
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23975

The provided text describes multiple vulnerabilities in TikiWiki, including SQL injection via the 'sort_mode' parameter in 'tiki-list_faqs.php'. It lacks executable exploit code but outlines attack vectors.

Classification: Writeup 80%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki (version not specified)
No auth needed
Prerequisites: Access to the vulnerable TikiWiki instance
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23982

The provided text describes multiple vulnerabilities in various modules of an application, including SQL injection via the 'offset' parameter in 'tiki-list_faqs.php'. However, it lacks executable exploit code.

Classification: Writeup 80%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki CMS/Groupware (version not specified)
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23977

The provided text describes multiple vulnerabilities in TikiWiki CMS, specifically highlighting a SQL injection vulnerability in the 'tiki-list_blogs.php' script via the 'sort_mode' parameter. It does not contain executable exploit code but references a known CVE.

Classification: Writeup 80%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki CMS (version not specified)
No auth needed
Prerequisites: Access to the vulnerable TikiWiki instance
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23984

The provided text describes multiple vulnerabilities in TikiWiki, including SQL injection via the 'offset' parameter in 'tiki-list_blogs.php'. However, it lacks executable exploit code, making it a vulnerability writeup rather than a functional PoC.

Classification: Writeup 80%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki (version not specified)
No auth needed
Prerequisites: Access to the vulnerable TikiWiki instance
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23971

The provided text describes multiple vulnerabilities in TikiWiki, including SQL injection via the 'comments_offset' parameter in 'tiki-index.php'. However, it lacks executable exploit code, making it a vulnerability writeup rather than a functional PoC.

Classification: Writeup 80%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki (version not specified)
No auth needed
Prerequisites: Access to the vulnerable TikiWiki instance
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23974

The provided text describes multiple vulnerabilities in TikiWiki, including SQL injection via the 'sort_mode' parameter in 'tiki-file_galleries.php'. It references a SecurityFocus BID but lacks actual exploit code.

Classification: Writeup 80%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki (version not specified)
No auth needed
Prerequisites: Access to the vulnerable TikiWiki instance
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23973

The provided text describes multiple vulnerabilities in TikiWiki CMS, including SQL injection via the 'sort_mode' parameter in 'tiki-directory_search.php'. No actual exploit code is present, only a reference to a vulnerable parameter.

Classification: Writeup 80%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki CMS (version not specified)
No auth needed
Prerequisites: Access to the vulnerable TikiWiki instance
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23965

The provided text describes multiple vulnerabilities in TikiWiki CMS, including SQL injection via the 'sort_mode' parameter in 'tiki-directory_ranking.php'. However, no actual exploit code is present.

Classification: Writeup 80%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki CMS
No auth needed
Prerequisites: Access to the vulnerable TikiWiki CMS instance
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23966

The provided text describes multiple vulnerabilities in TikiWiki CMS, specifically highlighting a SQL injection vulnerability in the 'tiki-browse_categories.php' file. It does not contain executable exploit code but references a parameter susceptible to SQL injection.

Classification: Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki CMS (version not specified)
No auth needed
Prerequisites: Access to the vulnerable TikiWiki CMS instance
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP
webapps · php
https://www.exploit-db.com/exploits/43809

This is a detailed technical writeup describing multiple vulnerabilities in TikiWiki CMS/Groupware, including path disclosure, XSS, SQL injection, code injection, file enumeration, and arbitrary file upload. It provides specific examples of vulnerable parameters and attack vectors.

Classification: Writeup 100%
Attack Type: Info Leak | Xss | Sqli | Other
Complexity: Moderate
Reliability: Reliable
Target: TikiWiki CMS/Groupware <= 1.8.1
No auth needed
Prerequisites: Access to the TikiWiki web interface
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References (5)

Exploit, Patch, Vendor Advisory (vdb-entry, x_refsource_bid)
http://www.securityfocus.com/bid/10100

Mailing List (mailing-list, x_refsource_bugtraq)
http://marc.info/?l=bugtraq&m=108180073206947&w=2

Exploit, Patch, Vendor Advisory (third-party-advisory, x_refsource_secunia)
http://secunia.com/advisories/11344

Patch, Vendor Advisory (x_refsource_confirm)
http://tikiwiki.org/tiki-read_article.php?articleId=66

Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15845

Scores

EPSS 0.0121
EPSS Percentile 64.4%

Details

CWE
CWE-89
Status published
Products (2)
tiki/tikiwiki_cms/groupware 1.6.1
tiki/tikiwiki_cms/groupware < 1.8.1
Published Apr 12, 2004
Tracked Since Feb 18, 2026