CSV Injection Vulnerability in Tiki Wiki CMS by Tiki Software
CVE-2018-7304
8.8HIGH
What is CVE-2018-7304?
The Tiki Wiki CMS version 17.1 suffers from a CSV injection vulnerability due to improper validation of user input, allowing an attacker to craft malicious payloads that can execute arbitrary commands on the victim's machine. For instance, by exploiting this flaw, an attacker can trigger the opening of CMD.EXE or Calculator applications, thereby facilitating unauthorized actions, such as remote code execution and data manipulation, when creating users.