CVE-2006-5702 : Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort

Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages.

Published 2006-11-04 01:07:00

Updated 2018-10-17 21:44:12

Source MITRE

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2006-5702

Probability of exploitation activity in the next 30 days: 3.92%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2006-5702

TikiWiki Information Disclosure

Disclosure Date: 2006-11-01

First seen: 2020-04-26

auxiliary/admin/tikiwiki/tikidblib

A vulnerability has been reported in Tikiwiki, which can be exploited by an anonymous user to dump the MySQL user & passwd just by creating a mysql error with the "sort_mode" var. The vulnerability was reported in Tikiwiki version 1.9.5. Authors: - Matteo

More information

CVSS scores for CVE-2006-5702

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2006-5702

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2006-5702

http://securityreason.com/securityalert/1816

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/4316

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/29960
http://security.gentoo.org/glsa/glsa-200611-11.xml

CVEs referencing this url
http://www.securityfocus.com/archive/1/450268/100/0/threaded

CVEs referencing this url
http://www.securityfocus.com/bid/20858

Tikiwiki Information Disclosure and Cross-Site Scripting Vulnerabilities
Exploit

CVEs referencing this url

Products affected by CVE-2006-5702

Tiki » Tikiwiki Cms/groupware » Version: 1.9.5
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.5:*:*:*:*:*:*:*
Matching versions