CVE-2006-6168
TikiWiki < 1.9.7 - Notification Spam via Email Field Input Validation Bypass
Title source: llmDescription
tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email."
References (3)
Core 3
Core References
Product x_refsource_confirm
http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4709
Product x_refsource_confirm
http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69
Scores
EPSS
0.0268
EPSS Percentile
84.1%
Details
CWE
CWE-20
Status
published
Products (8)
tiki/tikiwiki_cms\/groupware
1.6.1
tiki/tikiwiki_cms\/groupware
1.9.0 (4 CPE variants)
tiki/tikiwiki_cms\/groupware
1.9.1
tiki/tikiwiki_cms\/groupware
1.9.2
tiki/tikiwiki_cms\/groupware
1.9.3
tiki/tikiwiki_cms\/groupware
1.9.4
tiki/tikiwiki_cms\/groupware
1.9.5
tiki/tikiwiki_cms\/groupware
< 1.9.6
Published
Nov 29, 2006
Tracked Since
Feb 18, 2026