2019-01-15 16:00:00
mitre
PUBLISHED
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.