CVE-2004-1927

TikiWiki CMS/Groupware < 1.8.1 - Path Traversal via Mapfile Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-1927. PoCs published by JeiAr.

AI-analyzed exploit summary The provided text describes a directory traversal vulnerability in TikiWiki's tiki-map.phtml module, allowing path disclosure via a crafted request. No executable exploit code is present, only a reference to the vulnerability.

Description

Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED
by JeiAr · textwebappsphp
https://www.exploit-db.com/exploits/23949

The provided text describes a directory traversal vulnerability in TikiWiki's tiki-map.phtml module, allowing path disclosure via a crafted request. No executable exploit code is present, only a reference to the vulnerability.

Classification
Writeup 80%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: TikiWiki (version not specified)
No auth needed
Prerequisites: Access to the vulnerable TikiWiki instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/43809

This is a detailed technical writeup describing multiple vulnerabilities in TikiWiki CMS, including path disclosure, XSS, SQL injection, code injection, directory traversal, and arbitrary file upload. It provides specific examples of vulnerable parameters and attack vectors but does not include functional exploit code.

Classification
Writeup 95%
Attack Type
Info Leak | Xss | Sqli | Other
Complexity
Moderate
Reliability
Reliable
Target: TikiWiki CMS/Groupware <= 1.8.1
No auth needed
Prerequisites: Access to vulnerable TikiWiki instance
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10100
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108180073206947&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11344
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15848

Scores

EPSS 0.0371
EPSS Percentile 88.3%

Details

CWE
CWE-22
Status published
Products (2)
tiki/tikiwiki_cms\/groupware 1.6.1
tiki/tikiwiki_cms\/groupware < 1.8.1
Published Apr 11, 2004
Tracked Since Feb 18, 2026