Vulnerability Details CVE-2006-6168
tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.043
EPSS Ranking 88.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51
- http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69
- http://www.vupen.com/english/advisories/2006/4709
- http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51
- http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69
- http://www.vupen.com/english/advisories/2006/4709
Products affected by CVE-2006-6168
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.6.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.8.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.1.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.3
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.3.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.3.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.4
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.5
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.6