CVE-2011-4558

HIGH

Tiki < 8.2 - Authenticated Remote Code Execution via Regex Parameters


Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4558. PoCs published by EgiX.

AI-analyzed exploit summary: The writeup describes a PHP code injection vulnerability in Tiki Wiki CMS Groupware <= 8.2, where a null byte injection bypasses a regex check in 'snarf_ajax.php', allowing arbitrary PHP code execution via the 'regexres' parameter. Exploitation requires admin privileges and the 'PluginSnarf' feature to be enabled.

Description

Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.

Exploits (1)

exploitdb WRITEUP
by EgiX · text · webapps · php
https://www.exploit-db.com/exploits/18265


Classification: Writeup (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Tiki Wiki CMS Groupware <= 8.2
Auth required
Prerequisites: Admin account · PluginSnarf enabled
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.2
EPSS 0.0427
EPSS Percentile 89.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-74
Status published
Products (1)
tiki/tiki < 8.2
Published Jan 27, 2020
Tracked Since Feb 18, 2026