CVE-2006-6168

TikiWiki < 1.9.7 - Notification Spam via Email Field Input Validation Bypass

Title source: llm
STIX 2.1

Description

tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email."

Scores

EPSS 0.0268
EPSS Percentile 84.1%

Details

CWE
CWE-20
Status published
Products (8)
tiki/tikiwiki_cms\/groupware 1.6.1
tiki/tikiwiki_cms\/groupware 1.9.0 (4 CPE variants)
tiki/tikiwiki_cms\/groupware 1.9.1
tiki/tikiwiki_cms\/groupware 1.9.2
tiki/tikiwiki_cms\/groupware 1.9.3
tiki/tikiwiki_cms\/groupware 1.9.4
tiki/tikiwiki_cms\/groupware 1.9.5
tiki/tikiwiki_cms\/groupware < 1.9.6
Published Nov 29, 2006
Tracked Since Feb 18, 2026