CVE-2004-1926

Name of the Vulnerable Software and Affected Versions Tiki CMS/Groupware (TikiWiki) versions 1.8.1 and earlier

Description The issue allows remote attackers to inject arbitrary code via specific fields in a User Profile or Directory/Add Site operation. The vulnerable fields include Theme, Country, Real Name, and Displayed time zone in a User Profile, as well as Name, Description, URL, and Country in a Directory/Add Site operation.

Recommendations For versions 1.8.1 and earlier, consider restricting access to the User Profile and Directory/Add Site features until a fix is available. As a temporary workaround, avoid using the vulnerable fields Theme, Country, Real Name, Displayed time zone, Name, Description, URL, in these operations to minimize the risk of exploitation.