CVE-2004-1928

Tiki CMS/Groupware < 1.8.1 - Arbitrary File Upload via Image Upload Feature

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-1928. PoCs published by JeiAr.

AI-analyzed exploit summary: The provided text is a brief writeup describing multiple vulnerabilities in an unspecified application, including path disclosure, XSS, SQL injection, and arbitrary file upload. It references a generic example URL but lacks exploit code or technical details.

Description

The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL.

Exploits (2)

exploitdb · WRITEUP · VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23948

The provided text is a brief writeup describing multiple vulnerabilities in an unspecified application, including path disclosure, XSS, SQL injection, and arbitrary file upload. It references a generic example URL but lacks exploit code or technical details.

Classification: Writeup 80%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unspecified
No auth needed
Prerequisites: none specified
devstral-2 · analyzed Feb 16, 2026

exploitdb · WRITEUP
webapps · php
https://www.exploit-db.com/exploits/43809

This is a detailed technical writeup describing multiple vulnerabilities in TikiWiki CMS/Groupware, including path disclosure, XSS, SQL injection, code injection, file enumeration, and arbitrary file upload. It provides specific examples of vulnerable endpoints and attack vectors.

Classification: Writeup 100%
Attack Type: Info Leak | XSS | SQLi | Other
Complexity: Moderate
Reliability: Reliable
Target: TikiWiki CMS/Groupware <= 1.8.1
No auth needed
Prerequisites: Access to vulnerable TikiWiki installation
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10100
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108180073206947&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15849
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11344
Patch, Vendor Advisory x_refsource_confirm
http://tikiwiki.org/tiki-read_article.php?articleId=66

Scores

EPSS 0.0311
EPSS Percentile 86.1%

Details

CWE: CWE-20
Status: published
Products (2):
tiki/tikiwiki_cms\/groupware 1.6.1
tiki/tikiwiki_cms\/groupware < 1.8.1
Published: Apr 12, 2004
Tracked Since: Feb 18, 2026