CVE-2004-1928

Tikiwiki Cms/groupware < 1.8.1 - Improper Input Validation

Title source: rule

Description

The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL.

Exploits (2)

exploitdb WRITEUP VERIFIED
by JeiAr · textwebappsphp
https://www.exploit-db.com/exploits/23948
exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/43809

References (5)

Scores

EPSS 0.0747
EPSS Percentile 91.8%

Details

CWE
CWE-20
Status published
Products (2)
tiki/tikiwiki_cms\/groupware 1.6.1
tiki/tikiwiki_cms\/groupware < 1.8.1
Published Apr 12, 2004
Tracked Since Feb 18, 2026