CVE-2005-1925

Tikiwiki < 1.9.1 - Path Traversal via suck_url or language Parameter

Title source: llm
STIX 2.1

Description

Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php.

References (7)

Core 7
Core References
Patch, Vendor Advisory third-party-advisory x_refsource_idefense
http://www.idefense.com/application/poi/display?id=335&type=vulnerabilities
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23099
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15390
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23095
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15392
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015190
Patch, Vendor Advisory third-party-advisory x_refsource_idefense
http://www.idefense.com/application/poi/display?id=337&type=vulnerabilities

Scores

EPSS 0.0265
EPSS Percentile 83.8%

Details

CWE
CWE-22
Status published
Products (3)
tiki/tikiwiki_cms\/groupware 1.6.1
tiki/tikiwiki_cms\/groupware 1.9.0 rc1 (3 CPE variants)
tiki/tikiwiki_cms\/groupware < 1.9.0
Published Nov 18, 2005
Tracked Since Feb 18, 2026