CVE-2012-3996

TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html	Exploit
http://dev.tiki.org/item4109	Patch
http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS	Patch
http://info.tiki.org/article191-Tiki-Releases-8-4	Patch
http://www.exploit-db.com/exploits/19573	Exploit
http://www.exploit-db.com/exploits/19630	Exploit
http://www.osvdb.org/83533
http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html	Exploit
http://dev.tiki.org/item4109	Patch
http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS	Patch
http://info.tiki.org/article191-Tiki-Releases-8-4	Patch
http://www.exploit-db.com/exploits/19573	Exploit
http://www.exploit-db.com/exploits/19630	Exploit
http://www.osvdb.org/83533

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:tiki:tikiwiki_cms\/groupware::::::::
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:2.2:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.0:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.1:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.2:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.3:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.4:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.5:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:4:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:4.0:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:4.1:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:4.2:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:5.0:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:5.1:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:5.2:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:5.3:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:6.0:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:6.1:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:6.2:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:7.0:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:7.1:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:7.2:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:8.0:::::::*
	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:8.1:::::::*

History

21 Nov 2024, 01:42

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html - Exploit~~	() http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html - Exploit
References	~~() http://dev.tiki.org/item4109 - Patch~~	() http://dev.tiki.org/item4109 - Patch
References	~~() http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS - Patch~~	() http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS - Patch
References	~~() http://info.tiki.org/article191-Tiki-Releases-8-4 - Patch~~	() http://info.tiki.org/article191-Tiki-Releases-8-4 - Patch
References	~~() http://www.exploit-db.com/exploits/19573 - Exploit~~	() http://www.exploit-db.com/exploits/19573 - Exploit
References	~~() http://www.exploit-db.com/exploits/19630 - Exploit~~	() http://www.exploit-db.com/exploits/19630 - Exploit
References	~~() http://www.osvdb.org/83533 -~~	() http://www.osvdb.org/83533 -

Information

Published : 2012-07-12 19:55

Updated : 2024-11-21 01:42

NVD link : CVE-2012-3996

Mitre link : CVE-2012-3996

CVE.ORG link : CVE-2012-3996

JSON object : View

Products Affected

tiki

tikiwiki_cms\/groupware

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

5.0 /10