TikiWiki tiki-lastchanges.php Empty sort_mode Parameter Information Disclosure

medium Nessus Plugin ID 46737

Synopsis

The remote web server hosts an application that is affected by an information disclosure vulnerability.

Description

The installed version of TikiWiki reveals database credentials used by the application when an empty 'sort_mode' parameter is passed to the 'tiki-lastchanges.php' script.

An attacker could exploit this issue to extract the username/password for the remote database resulting in disclosure of sensitive information or attacks against the underlying database.

Note that other scripts included with this install are likely affected by the same vulnerability, although Nessus has not checked them.

Solution

Update to TikiWiki 1.9.6 or later.

See Also

https://seclists.org/bugtraq/2006/Nov/13

http://dev.tiki.org/tiki-view_tracker_item.php?itemId=927

https://tiki.org/ReleaseProcess196

Plugin Details

Severity: Medium

ID: 46737

File Name: tikiwiki_195_info_disclosure.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 5/27/2010

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:tikiwiki:tikiwiki

Required KB Items: www/tikiwiki

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 11/6/2006

Vulnerability Publication Date: 11/1/2006

Reference Information

CVE: CVE-2006-5702

BID: 20858

SECUNIA: 22678