PT-2019-10178 · Tiki · Tiki

Published

2019-01-15

Updated

2019-01-18

CVE-2018-20719

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Tiki versions prior to 17.2

Description: The issue concerns a SQL Injection vulnerability via the show history parameter in the tiki-user tasks.php component.

Recommendations: For versions prior to 17.2, update to version 17.2 or later to resolve the issue.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2018-20719

Tiki