CVE-2005-1925
Tikiwiki < 1.9.1 - Path Traversal via suck_url or language Parameter
Title source: llmDescription
Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php.
References (7)
Core 7
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_idefense
http://www.idefense.com/application/poi/display?id=335&type=vulnerabilities
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23099
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15390
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23095
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15392
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015190
Patch, Vendor Advisory third-party-advisory
x_refsource_idefense
http://www.idefense.com/application/poi/display?id=337&type=vulnerabilities
Scores
EPSS
0.0265
EPSS Percentile
83.8%
Details
CWE
CWE-22
Status
published
Products (3)
tiki/tikiwiki_cms\/groupware
1.6.1
tiki/tikiwiki_cms\/groupware
1.9.0 rc1 (3 CPE variants)
tiki/tikiwiki_cms\/groupware
< 1.9.0
Published
Nov 18, 2005
Tracked Since
Feb 18, 2026