TikiWiki tiki-lastchanges.php Empty sort_mode Parameter Information Disclosure

Medium Nessus Plugin ID 46737

Synopsis

The remote web server hosts an application that is affected by an information disclosure vulnerability.

Description

The installed version of TikiWiki reveals database credentials used by the application when an empty 'sort_mode' parameter is passed to the 'tiki-lastchanges.php' script.

An attacker could exploit this issue to extract the username/password for the remote database resulting in disclosure of sensitive information or attacks against the underlying database.

Note that other scripts included with this install are likely affected by the same vulnerability, although Nessus has not checked them.

Solution

Update to TikiWiki 1.9.6 or later.

See Also

https://seclists.org/bugtraq/2006/Nov/13

http://dev.tiki.org/tiki-view_tracker_item.php?itemId=927

https://tiki.org/ReleaseProcess196

Plugin Details

Severity: Medium

ID: 46737

File Name: tikiwiki_195_info_disclosure.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 2010/05/27

Updated: 2018/11/15

Dependencies: 46736

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:tikiwiki:tikiwiki

Required KB Items: www/tikiwiki

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: false

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 2006/11/06

Vulnerability Publication Date: 2006/11/01

Reference Information

CVE: CVE-2006-5702

BID: 20858

EDB-ID: 2701

Secunia: 22678