CSV Injection Vulnerability in Tiki Wiki CMS by Tiki Software
CVE-2018-7304
8.8HIGH
What is CVE-2018-7304?
The Tiki Wiki CMS version 17.1 suffers from a CSV injection vulnerability due to improper validation of user input, allowing an attacker to craft malicious payloads that can execute arbitrary commands on the victim's machine. For instance, by exploiting this flaw, an attacker can trigger the opening of CMD.EXE or Calculator applications, thereby facilitating unauthorized actions, such as remote code execution and data manipulation, when creating users.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved