CVE-2003-1574

TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information.

Published: Aug 24, 2009
Updated: Apr 13, 2023
CVE: CVE-2003-1574
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
tiki / tikiwiki_cms/groupware	1.6.1	1.6.1.x

http://sourceforge.net/tracker/index.php?func=detail&aid=748739&group_id=64258&atid=506846
http://www.securityfocus.com/bid/14170
https://exchange.xforce.ibmcloud.com/vulnerabilities/40347

Vulnerability Database

289,697

CVE-2003-1574