
We found results for “”
CVE-2025-32461
Good to know:

Date: April 8, 2025
wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3.
Severity Score
Related Resources (9)
Severity Score
Weakness Type (CWE)
Improper Neutralization of Special Elements Used in a Template Engine
CWE-1336Top Fix

Upgrade Version
Upgrade to version https://gitlab.com/tikiwiki/tiki.git - tags/21.12;https://gitlab.com/tikiwiki/tiki.git - tags/24.8;https://gitlab.com/tikiwiki/tiki.git - tags/27.2;https://gitlab.com/tikiwiki/tiki.git - tags/28.3
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |