CVE-2013-4715
high
CVSS v3
—
VIR risk
7.5
Description
SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| tiki | tikiwiki_cms\/groupware | 6.8 | |
| tiki | tikiwiki_cms\/groupware | 6.9 | |
| tiki | tikiwiki_cms\/groupware | 6.10 | |
| tiki | tikiwiki_cms\/groupware | 6.11 | |
| tiki | tikiwiki_cms\/groupware | 6.12 | |
| tiki | tikiwiki_cms\/groupware | 9.0 | |
| tiki | tikiwiki_cms\/groupware | 9.1 | |
| tiki | tikiwiki_cms\/groupware | 9.2 | |
| tiki | tikiwiki_cms\/groupware | 9.3 | |
| tiki | tikiwiki_cms\/groupware | 9.4 | |
| tiki | tikiwiki_cms\/groupware | 9.5 | |
| tiki | tikiwiki_cms\/groupware | 9.6 | |
| tiki | tikiwiki_cms\/groupware | 10.0 | |
| tiki | tikiwiki_cms\/groupware | 10.1 | |
| tiki | tikiwiki_cms\/groupware | 10.2 | |
| tiki | tikiwiki_cms\/groupware | 10.3 | |
| tiki | tikiwiki_cms\/groupware | 11.0 | |
References
- http://info.tiki.org/article221-New-Versions-of-all-supported-versions-of-Tiki-Wiki-CMS-Groupware
- http://jvn.jp/en/jp/JVN75720314/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2013-000100
- http://info.tiki.org/article221-New-Versions-of-all-supported-versions-of-Tiki-Wiki-CMS-Groupware
- http://jvn.jp/en/jp/JVN75720314/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2013-000100
CWEs
CWE-89
💬 Discuss CVE-2013-4715 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.