
Security

Disclose a vulnerability

To allow us time to patch the system, please report the vulnerability in the bug tracking system under the category "security", but without details that would allow it to be exploited, AND contact the security team with full details so we can deal with your input.

Feel free to use the Tiki Wiki CMS Groupware Release/Security Team PGP/GPG key (Key fingerprint = 6F76 39C9 6C8A 12D7 8F12 89A0 BC50 FC18 256C 3F93) to encrypt sensitive information for us.


Please see http://security.tiki.org

Open

Rating | Subject | Submitted by | Category | Importance | Easy to solve? | Priority | Volunteered to solve | LastModif | Coms
open -2 -1 1 2 (0) Help onclick, onmouseover, etc. cause the in preview, and preview diffmarclaporteBug: conflict of two features (each works well independently)
6
1 difficult
6
 
2013-10-280
open -2 -1 1 2 (0) Help Redirect plugin: add wiki= so we can use this plugin without a validation at each pageFeature request
Less than 30-minute fix
6
8
48
 
2010-01-150
open -2 -1 1 2 (0) Help PHPIDS (PHP-Intrusion Detection System) marclaporteFeature request
9
5
45
 
2013-10-280
open -2 -1 1 2 (0) Help Review .htaccess from HTML5 Boilerplate for security and performancemarclaporteFeature request
6
6
36
 
2013-11-230
open -2 -1 1 2 (0) Help "protect all sessions" conflicts other https preferencesmarclaporteBug: conflict of two features (each works well independently)
7
5
35
 
2013-10-280
open -2 -1 1 2 (0) Help OpenPGP support for emails to usersfmgFeature request
7
5
35
 
2013-10-282
fmg-01 Oct. 12
open -2 -1 1 2 (0) Help Smarter handling of HTTPS/SSL for included elements that are in HTTP (especially JavaScript)marclaporteBug: conflict of two features (each works well independently)
7
5
35
k
2013-10-285
marclaporte-09 Mar. 13
open -2 -1 1 2 (0) Help 9.1, trackers, security: hidden user selector type field keeps listing all the users as optionsGergelyBug: Usability
7
5
35
 
2013-10-280
open -2 -1 1 2 (0) Help Add a virtual keyboardmarclaporteFeature request
4
8
32
 
2014-01-300
open -2 -1 1 2 (0) Help Adding some Tiki built-in login authentication methodsAmirSharifFeature request
10 high
1 difficult
10
 
2013-10-201
marclaporte-27 Nov. 13
open -2 -1 1 2 (0) Help Setting admin password in the installer, with option to force change at first loginmarclaporteFeature request
6
 
0
 
2013-11-250
open -2 -1 1 2 (0) Help "Ignore individual object permissions" not working for Lucene EngineJenserBug: Error
7
 
0
 
2013-06-050
open -2 -1 1 2 (0) Help No spam protection for shoutbox usersJanKrohnBug: Usability
7
 
 
2009-10-290
open -2 -1 1 2 (0) Help Security issue in a moduleBug: Error
7
 
 
2008-12-120
open -2 -1 1 2 (0) Help Login at workflow.tw.o and info.tw.o fails with XMLRPC Error: 5mikespubBug: Error
Dogfood on a *.tiki.org site
 
 
 
2008-12-210
open -2 -1 1 2 (0) Help Add "tiki_p_admin_structures" permissionRiSKBug: Usability
Feature request
6
 
 
2010-04-070
open -2 -1 1 2 (0) Help Logout fails to work when web authorization is selectedmizraithBug: Usability
5
 
mizraith
2009-04-080
open -2 -1 1 2 (0) Help Web Auth Needs Some Fine TuningmizraithBug: Usability
Feature request
Bug: conflict of two features (each works well independently)
7
 
mizraith
2009-04-080
open -2 -1 1 2 (0) Help Enhancement: Use .htpasswd / .htgroup for user access & controlmizraithFeature request
5
 
 
2009-04-251
marclaporte-23 Sep. 13
open -2 -1 1 2 (0) Help Profiles Repository URLs Are Not Connect joon2gBug: Usability
Support request
7
 
 
2009-11-020
open -2 -1 1 2 (0) Help Fatal error: Call to undefined TikiDb_Adodb::setAttribute() in ..\lib\tikisession-pdo.php on line 18Bug: Error
6
 
 
2009-11-175
trebly-07 Feb. 10
open -2 -1 1 2 (0) Help ssl_error_rx_record_too_long when using "Require Secure (HTTPS) login" (CPANEL self-signed cert.)PentroseBug: Error
Bug: Usability
1 low
 
 
2010-03-150
open -2 -1 1 2 (0) Help Take in account the Apache option "AccessFileName" treblyFeature request
3
 
 
2010-08-050
open -2 -1 1 2 (0) Help Plugin validation does not work, TW50B1GergelyBug: Error
Bug: Usability
Bug: Regression
7
 
 
2010-12-221
Gergely-16 Aug. 10
open -2 -1 1 2 (0) Help Errors when trying to change access rightshuogasBug: Error
7
 
Chealer9
2010-09-280
open -2 -1 1 2 (0) Help Social networking complicationsVranicoffBug: Usability
7
 
 
2010-11-182
Vranicoff-30 Dec 10
open -2 -1 1 2 (0) Help anti hammering is a nice security feature against floodingGergelyFeature request
Documentation (or Advocacy)
 
 
 
2010-12-120
open -2 -1 1 2 (0) Help default tiki setup vulnerable to subfolder linksGergelyBug: Error
7
 
 
2010-12-131
Gergely-18 Jan. 11
open -2 -1 1 2 (0) Help Tiki 6.1 and later do not work under IIS 6, while 6.0 didmoretolearnBug: Error
Bug: Regression
Bug: Consistency
Less than 30-minute fix
7
 
 
2011-10-086
olibird-13 Apr. 11
open -2 -1 1 2 (0) Help Registration vulnerabilityedwinbenninkSupport request
7
 
 
2012-06-080
open -2 -1 1 2 (0) Help temp/.htaccess breaks antibot image servingwu-leeBug: Error
Bug: Usability
Bug: Regression
Less than 30-minute fix
9 high
10 easy
 
2012-08-161
fmg-24 Oct. 12
open -2 -1 1 2 (0) Help jCapture doesn't work via SSL when SSL is not valid (rest of Tiki is OK)marclaporteBug: conflict of two features (each works well independently)
2
2
 
2013-12-030
open -2 -1 1 2 (1) Help Enhance mail deliveryxaviBug: Usability
8
5
 
2014-02-060
open -2 -1 1 2 (1) Help ValidationxaviBug: Usability
8
3
 
2014-02-100

Pending

Rating | Subject | Submitted by | Category | Importance | Easy to solve? | Priority | Volunteered to solve | LastModif | Coms
pending -2 -1 1 2 (0) Help Easy way to deal with SSL when using external images or scriptsmarclaporteFeature request
1 low
 
 
2012-10-020
pending -2 -1 1 2 (0) Help Security DB and mods don't work together marclaporteBug: Usability
Feature request
1 low
 
 
2008-02-220
pending -2 -1 1 2 (0) Help File gallery: Virus checkermarclaporteFeature request
1 low
 
 
2008-10-141
marclaporte-01 Dec 13
pending -2 -1 1 2 (0) Help Password will not be accepted when using @ > or < in the password string (with or without LDAP)ukoeglerBug: Usability
Bug: Regression
10 high
3
30
 
2013-11-036
marclaporte-03 Nov. 13
pending -2 -1 1 2 (0) Help Lost changes when you mistype antibot codealain_desiletsBug: Error
10 high
6
60
manivannans
2013-12-020
pending -2 -1 1 2 (0) Help Approving a user logs the admin as that useralain_desiletsBug: Regression
10 high
5
50
manivannans
2013-11-291
alain_desilets-09 Dec 13
pending -2 -1 1 2 (0) Help Path disclosure bug in trackersmarclaporteBug: Error
2
 
 
2007-06-120
pending -2 -1 1 2 (0) Help Trackback pings should not use fopen to open urls.redfloBug: Error
3
 
 
2008-04-041
mrisch-03 Feb. 08
pending -2 -1 1 2 (0) Help wiki-edit: footnotes allows htmlWoGBug: Error
3
 
 
2008-02-031
marclaporte-03 Feb. 08
pending -2 -1 1 2 (0) Help dynamic contents in userdefined modules crashes tikikern
3
 
 
2007-07-100
pending -2 -1 1 2 (0) Help Built it TPL editor removes Javascript from the TemplatesBug: Usability
Feature request
3
 
nyloth
2008-10-143
marclaporte-06 Dec 07
pending -2 -1 1 2 (0) Help Trackers: ratings fake vote by URLmarclaporteBug: Error
Dogfood on a *.tiki.org site
3
 
 
2007-12-070
pending -2 -1 1 2 (0) Help Instantaneous visual feedback of password strengthmarclaporteFeature request
3
 
ricks99
2008-08-290
pending -2 -1 1 2 (0) Help Image attachments are not saved uniqueBernhardBug: Error
Bug: Usability
5
 
 
2007-06-035
mccabem-29 Apr. 08
pending -2 -1 1 2 (0) Help Security bug which bypasses directory site validation.dknudsonBug: Error
5
 
 
2008-02-030
pending -2 -1 1 2 (0) Help binddb and bindpw not used when binding to LDAPalexrBug: Error
Patch
5
 
 
2010-10-082
Chealer9-08 Oct. 10
pending -2 -1 1 2 (0) Help Secdb for all files (not just php)marclaporteFeature request
5
 
 
2007-11-241
marclaporte-27 Sep. 12
pending -2 -1 1 2 (0) Help Warning: is_dir(): Stat failed for ./img/wiki_up/tiki1/... in tiki-admin_security.php?check_filesxaviBug: Usability
6
 
 
2006-09-060
pending -2 -1 1 2 (0) Help Registration Page does not display and password suggestion does not consider security settings.orkzBug: Usability
Feature request
6
 
 
2008-02-032
horizon-06 Apr. 08
pending -2 -1 1 2 (0) Help User Information Page shows non-public wiki page titlesmrischBug: Error
7
 
 
2008-07-241
SiL3NC3-18 June 11
pending -2 -1 1 2 (0) Help CLI search index maintenance conflicts with "Protect all sessions with HTTPS"noumenonBug: conflict of two features (each works well independently)
Less than 30-minute fix
Indexing
7
10 easy
70
 
2013-11-043
marclaporte-05 Nov. 13
pending -2 -1 1 2 (0) Help security issue: login issueglanBug: Error
8
 
 
2012-05-200
pending -2 -1 1 2 (0) Help Upgrade to rel 4 : No permissions for user "admin"peter5Bug: Regression
Less than 30-minute fix
9 high
8
72
 
2010-01-153
plugmusc-17 Jan. 11

Closed

Rating | Subject | Submitted by | Category | Importance | Easy to solve? | Priority | Volunteered to solve | LastModif | Coms
closed -2 -1 1 2 (0) Help PluginMediaPlayer should use own copy of flash file and not call the web (added to composer)marclaporteBug: Consistency
6
9
54
manivannans
2013-11-032
daniam-26 Oct. 13
closed -2 -1 1 2 (0) Help smarty_security and tiki_cdn cause Icons missing when using own content delivery networkleagrisPatch
Bug: conflict of two features (each works well independently)
5
10 easy
50
 
2013-11-214
marclaporte-21 Oct. 13
closed -2 -1 1 2 (0) Help Need to restart browser after accessing a closed sitealain_desiletsBug: Error
10 high
5
50
manivannans
2013-10-290
closed -2 -1 1 2 (0) Help LDAP Admin Password Stored as Plain Text In System LogsjcarterLess than 30-minute fix
9 high
5
45
 
2012-06-081
jcarter-14 May 12
closed -2 -1 1 2 (0) Help Plugin VIMEO needed to be rewritten to vimeo to prevent < x> to show up in the url param at edition timexaviBug: Regression
5
5
25
jonnybradley
2013-11-223
jonnybradley-21 Oct. 13
closed -2 -1 1 2 (0) Help Password shown in clear under some circumstancesxaviFeature request
5
5
25
 
2013-12-040
closed -2 -1 1 2 (0) Help mail-in provides no securitymrischBug: Error
4
 
0
 
2013-06-143
SEWilco-26 Nov. 08
closed -2 -1 1 2 (0) Help Categorisation permission issue with Calendars and TrackerseromnegBug: Error
Bug: Consistency
9
 
0
 
2013-06-061
marclaporte-27 Dec 09
closed -2 -1 1 2 (0) Help Plugin html should have security, and pass code exactly as ismarclaporteFeature request
6
 
0
 
2013-06-050
closed -2 -1 1 2 (0) Help Password managermarclaporteFeature request
Dogfood on a *.tiki.org site
6
 
0
 
2013-06-051
carsten.aevermann-08 Aug. 10
closed -2 -1 1 2 (0) Help Plugins admin interface to activate/deactivate pluginsmarclaporteFeature request
9 high
 
lphuberdeau
2009-03-010
closed -2 -1 1 2 (0) Help Optional disabling on javascript stripping protectionmarclaporteFeature request
Dogfood on a *.tiki.org site
6
 
lphuberdeau
2010-01-150
closed -2 -1 1 2 (0) Help tikiwiki version 1.9.5 (CVS) -Sirius- mysql password disclosure & xssauditorBug: Error
9 high
 
ohertel
2006-11-010
closed -2 -1 1 2 (0) Help No access permission on articles----articles accessible by articleID for any groupasidhuFeature request
 
 
 
2007-12-052
asidhu-17 Jan. 07
closed -2 -1 1 2 (0) Help Vulnerability in registratingOnnoPaap
9 high
 
OnnoPaap
2007-10-141
marclaporte-02 June 07
closed -2 -1 1 2 (0) Help CVE-2006-6457 tikiwiki vulnerableBug: Error
Support request
 
 
 
2007-06-121
marclaporte-12 June 07
closed -2 -1 1 2 (0) Help Better protection against accidental site breakage with improper use of code in modules + template marclaporteBug: Error
Bug: Usability
Feature request
4
 
 
2009-01-306
marclaporte-30 Jan. 09
closed -2 -1 1 2 (0) Help Banning users ( tiki-admin_banning.php ) doesn't work for me at doc.tw.oxaviBug: Usability
6
 
luci
2010-03-311
luci-21 June 07
closed -2 -1 1 2 (0) Help My site totally dead: Warning: ini_set() has been disabled for security reasonsmarclaporteBug: Error
7
 
 
2009-04-283
bobcatt-15 Oct. 07
closed -2 -1 1 2 (0) Help Wiki cache & plugins: WYSIWYCA problem when admin visits the page (and creates the cache)marclaporteBug: Error
6
 
 
2007-08-301
marclaporte-18 Aug. 07
closed -2 -1 1 2 (0) Help Forum security issue: Ref: H56mr_teatimeBug: Error
7
 
koth
2007-10-130
closed -2 -1 1 2 (0) Help Restrict possible characters in usernamesmarclaporteBug: Error
Bug: Usability
Feature request
3
 
 
2009-03-030
closed -2 -1 1 2 (0) Help Wiki cache & plugins: WYSIWYCA problem when admin visits the page (and creates the cache)marclaporteBug: Error
6
 
SEWilco
2008-10-148
SEWilco-16 Sep. 08
closed -2 -1 1 2 (0) Help image gallery: sort_mode=filesize causes mysql error and path disclosuremarclaporteBug: Error
5
 
luci
2008-03-060
closed -2 -1 1 2 (0) Help Secdb automatic check with cron jobmarclaporteFeature request
5
 
lphuberdeau
2009-04-101
kerrnel22-12 Dec 07
closed -2 -1 1 2 (0) Help XSS vulnerability issue B96FortifyBug: Error
9 high
 
 
2008-02-260
closed -2 -1 1 2 (0) Help Authenticated RSSmarclaporteFeature request
5
 
 
2009-06-012
marclaporte-02 June 09
closed -2 -1 1 2 (0) Help tiki_p_search makes users "admin"walklifeBug: Error
Bug: Consistency
8
 
 
2008-04-013
snarlydwarf-01 Apr. 08
closed -2 -1 1 2 (0) Help Automatic SVN commit of secdb and syncdbmarclaporteCommunity projects
5
 
 
2012-09-271
marclaporte-27 Sep. 12
closed -2 -1 1 2 (0) Help Need stronger CAPTCHAalain_desiletsFeature request
7
 
 
2012-03-291
SEWilco-12 Feb. 09
closed -2 -1 1 2 (0) Help Change Crypt passwords methodFeature request
4
 
 
2008-08-180
closed -2 -1 1 2 (0) Help TikiWiki 2.0: Odd Tags get Inserted into HTML CodenikhilodeonBug: Error
Bug: Usability
Bug: Consistency
 
 
 
2008-08-130
closed -2 -1 1 2 (0) Help TikiWiki 2.0: SearchBox Not Displaying for Anonymous UsersnikhilodeonBug: Usability
Support request
7
 
nikhilodeon
2008-09-040
closed -2 -1 1 2 (0) Help URL_ID replaced in a linkDesertWolfBug: Error
Bug: Usability
4
 
 
2009-09-131
DesertWolf-22 Oct. 08
closed -2 -1 1 2 (0) Help Multimedia Flash unusable due to XSS protectionSEWilcoBug: Error
Bug: Usability
Bug: Regression
9 high
 
 
2009-04-103
SEWilco-24 Nov. 08
closed -2 -1 1 2 (0) Help topic permissions not working in tiki-list_articles.phppagdevBug: Error
Patch
Support request
6
 
 
2008-11-170
closed -2 -1 1 2 (0) Help site based on 2.2 + tikipedia attacked at tiki-browse_image.php from galleriesxaviBug: Usability
Dogfood on a *.tiki.org site
9 high
 
 
2009-04-181
chibaguy-19 Apr. 09
closed -2 -1 1 2 (0) Help false positive at tikiwiki security error report xaviBug: Usability
Dogfood on a *.tiki.org site
4
 
 
2013-01-100
closed -2 -1 1 2 (0) Help Security:Active XSS in URI allows remote exploitation of user browserorionrobotsBug: Error
8
 
 
2009-04-170
closed -2 -1 1 2 (0) Help styles/transitions/2.1to3.0.css file vandalizedarnaudherve
8
 
 
2010-01-141
marclaporte-14 Jan. 10
closed -2 -1 1 2 (0) Help Modules do not work when called from within wiki pagessjfosterBug: Error
8
 
 
2010-01-153
sjfoster-15 Jan. 10
closed -2 -1 1 2 (0) Help potential security hole related to managing usersxaviBug: Usability
Support request
9 high
 
 
2010-03-310
closed -2 -1 1 2 (0) Help Using preg_replace with /e modifierReganBug: Error
Feature request
Patch
 
 
 
2010-01-284
Chealer9-28 Jan. 10
closed -2 -1 1 2 (0) Help HTMLpurifier no longer permits to use Paypal buttons (starting in Tiki4)marclaporteBug: Regression
Bug: conflict of two features (each works well independently)
8
 
 
2013-03-213
marclaporte-27 Feb. 10
closed -2 -1 1 2 (0) Help Add New User - Gen Password - Validate By Email is Broken in 4.1 and 4.2edmundBug: Error
Bug: Usability
Bug: Regression
Bug: Consistency
9 high
 
 
2010-04-020
closed -2 -1 1 2 (0) Help PHP Code Injection VulnerabilityEgiX
9 high
 
 
2012-05-200
closed -2 -1 1 2 (0) Help webdavxen
 
 
 
2012-02-272
marclaporte-27 Feb. 12
closed -2 -1 1 2 (0) Help Critical security vulnerabilityEgiX
9 high
 
 
2012-05-200