CVE-2012-5321

Published: Oct 8, 2012Modified: Apr 29, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."

Affected (1)

Products: Tiki: Tikiwiki Cms/groupware

Tiki

1 product

Tikiwiki Cms/groupware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tiki Tikiwiki Cms/groupware	Version 8.3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://osvdb.org/79409

Source: cve@mitre.org

http://secunia.com/advisories/48102

Source: cve@mitre.org

Vendor Advisory

http://st2tea.blogspot.com/2012/02/tiki-wiki-cms-groupware-frame-injection.html

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/52079

Source: cve@mitre.org

Exploit

http://www.securitytracker.com/id?1026708

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/73403

Source: cve@mitre.org

http://osvdb.org/79409