|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
TikiWiki contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker inserts arbitrary data into the "topics_sort_mode" variable in the tiki-view_forum_thread.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Information Disclosure
Impact:
Loss of Confidentiality
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Web Related
|
|
Solution |
Currently, there are no known workarounds or upgrades to correct this issue. However, Tiki Wiki has released a patch to address this vulnerability, and it can be found in cvs.
|
|
Products |
|
TikiWiki
 |
1.9.0x |
1.9.1x |
1.9.2 |
|
|
|
|
|
Credit |
- Moritz Naumann - security
 moritz-naumann.com - Moritz Naumann IT Consulting & Services
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
