CVE-2006-6168 - Vulnerability Details

Vendors	Products
Tiki	Tikiwiki Cms\/groupware

Link	Providers
http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51
http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69
http://www.vupen.com/english/advisories/2006/4709

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-10T00:00:00", "descriptions": [{"lang": "en", "value": "tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger \"notification-spam\" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of \"a minimal check on email.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51"}, {"name": "ADV-2006-4709", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4709"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6168", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger \"notification-spam\" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of \"a minimal check on email.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51", "refsource": "CONFIRM", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51"}, {"name": "ADV-2006-4709", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4709"}, {"name": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69", "refsource": "CONFIRM", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:19:35.191Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51"}, {"name": "ADV-2006-4709", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4709"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6168", "datePublished": "2006-11-29T02:00:00", "dateReserved": "2006-11-28T00:00:00", "dateUpdated": "2024-08-07T20:19:35.191Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2006-11-10T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email." (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2009-02-26T10:00:00 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51 (string)

}

1 : { »

name : ADV-2006-4709 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2006/4709 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2006-6168 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email." (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51 (string)

refsource : CONFIRM (string)

url : http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51 (string)

}

1 : { »

name : ADV-2006-4709 (string)

refsource : VUPEN (string)

url : http://www.vupen.com/english/advisories/2006/4709 (string)

}

2 : { »

name : http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69 (string)

refsource : CONFIRM (string)

url : http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T20:19:35.191Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51 (string)

}

1 : { »

name : ADV-2006-4709 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2006/4709 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2006-6168 (string)

datePublished : 2006-11-29T02:00:00 (string)

dateReserved : 2006-11-28T00:00:00 (string)

dateUpdated : 2024-08-07T20:19:35.191Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "255A9708-AA35-458B-8521-735D2AF7A637", "versionEndIncluding": "1.9.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "04CA9500-8F56-40DC-A6C4-F9964EFCD4F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69", "vulnerable": true}, {"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ADE04A29-E90B-41E1-A8B4-462B54C079B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2540703B-63B8-41F4-A17A-0274A7DE7E63", "vulnerable": true}, {"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1489E8DC-11E7-49A3-84FF-909954147D01", "vulnerable": true}, {"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "127349FA-B76D-402A-B688-F2F44024FA11", "vulnerable": true}, {"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "175D43FD-450F-443E-831B-B8091BE7054F", "vulnerable": true}, {"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "2F437662-CD55-477B-9FEE-0CC4E6CB908D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger \"notification-spam\" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of \"a minimal check on email.\""}, {"lang": "es", "value": "tiki-register.php en TikiWiki anterior a 1.9.7 permite a atacantes remotos disparar \"notificaci\u00f3n de spam\" mediante vectores no especificados como una lista de direcciones separadas por coma en el campo email, relacionado con la falta de \"un  m\u00ednimo chequeo en email\"."}], "id": "CVE-2006-6168", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-29T02:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51"}, {"source": "cve@mitre.org", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4709"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4709"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 255A9708-AA35-458B-8521-735D2AF7A637 (string)

versionEndIncluding : 1.9.6 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.6.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 04CA9500-8F56-40DC-A6C4-F9964EFCD4F8 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B13501C0-3322-4D0C-8F7F-12535C76CB69 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:rc2:*:*:*:*:*:* (string)

matchCriteriaId : ADE04A29-E90B-41E1-A8B4-462B54C079B4 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:rc3:*:*:*:*:*:* (string)

matchCriteriaId : 2540703B-63B8-41F4-A17A-0274A7DE7E63 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 1489E8DC-11E7-49A3-84FF-909954147D01 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 035EEFAB-B46C-407F-BF8C-B33756D4EEC3 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 127349FA-B76D-402A-B688-F2F44024FA11 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 175D43FD-450F-443E-831B-B8091BE7054F (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 2F437662-CD55-477B-9FEE-0CC4E6CB908D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email." (string)

}

1 : { »

lang : es (string)

value : tiki-register.php en TikiWiki anterior a 1.9.7 permite a atacantes remotos disparar "notificación de spam" mediante vectores no especificados como una lista de direcciones separadas por coma en el campo email, relacionado con la falta de "un mínimo chequeo en email". (string)

}

]

id : CVE-2006-6168 (string)

lastModified : 2025-04-09T00:30:58.490 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : true (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2006-11-29T02:28:00.000 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51 (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69 (string)

}

2 : { »

source : cve@mitre.org (string)

url : http://www.vupen.com/english/advisories/2006/4709 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.vupen.com/english/advisories/2006/4709 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object