CVE-2010-1136

N/A Unknown
Published: March 27, 2010 Modified: April 29, 2026
View on NVD

Description

The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
Source: cve@mitre.org
http://osvdb.org/62801
Source: cve@mitre.org
http://secunia.com/advisories/38882
Source: cve@mitre.org
Vendor Advisory
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196
Source: cve@mitre.org
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196
Source: cve@mitre.org
http://www.securityfocus.com/bid/38608
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/56771
Source: cve@mitre.org
http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
Source: af854a3a-2127-422b-91ae-364da2661108
http://osvdb.org/62801
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/38882
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196
Source: af854a3a-2127-422b-91ae-364da2661108
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/38608
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/56771
Source: af854a3a-2127-422b-91ae-364da2661108

14 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.5%
65th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

tiki

Related CVEs

CVE-2026-45218 7.7
CVE-2026-45215 5.3
CVE-2026-45214 8.5
CVE-2026-45213 7.6
CVE-2026-45212 5.3