CVE-2006-6457

Name of the Vulnerable Software and Affected Versions Tikiwiki versions 1.9.2 through 1.9.5

Description The issue allows remote attackers to obtain sensitive information, including the MySQL username and password, by exploiting the tiki-wiki rss.php file. This is achieved by providing an invalid ver parameter, which can be either large or negative, resulting in the leakage of sensitive information through an error message.

Recommendations For versions 1.9.2 through 1.9.5, consider restricting access to the tiki-wiki rss.php file until a fix is available, and avoid using invalid ver parameters to minimize the risk of exploitation.