CVE-2006-5702

Name of the Vulnerable Software and Affected Versions: Tikiwiki version 1.9.5

Description: The issue allows remote attackers to obtain sensitive information, including the MySQL username and password, by exploiting an empty sort mode parameter in various PHP files. This is achieved through certain database error messages that reveal the information. The affected PHP files include tiki-listpages.php, tiki-lastchanges.php, messu-archive.php, messu-mailbox.php, messu-sent.php, tiki-directory add site.php, tiki-directory ranking.php, tiki-directory search.php, tiki-forums.php, tiki-view forum.php, tiki-friends.php, tiki-list blogs.php, tiki-list faqs.php, tiki-list trackers.php, tiki-list users.php, tiki-my tiki.php, tiki-notepad list.php, tiki-orphan pages.php, tiki-shoutbox.php, tiki-usermenu.php, and tiki-webmail contacts.php.

Recommendations: As a temporary workaround, consider restricting access to the vulnerable PHP files until a patch is available. Avoid using an empty sort mode parameter in the affected API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.