PT-2004-2821 · Tikiwiki · Tikiwiki Cms/Groupware

Jeiar · Published 2004-04-11 · Updated 2017-07-11 · CVE-2004-1923

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Tiki CMS/Groupware (TikiWiki) versions 1.8.1 and earlier

Description: The issue allows remote attackers to gain sensitive information via direct requests to specific API endpoints, including "banner_click.php", "categorize.php", "tiki-admin_include_directory.php", and "tiki-directory_search.php". These endpoints reveal the web server path in an error message.

Recommendations: For versions 1.8.1 and earlier, consider restricting access to the vulnerable API endpoints "banner_click.php", "categorize.php", "tiki-admin_include_directory.php", and "tiki-directory_search.php" to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2004-1923

Affected products

Tikiwiki Cms/Groupware