CVE-2006-6457: Infoleak
First published: Mon Dec 11 2006(Updated: )
tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tiki Wiki CMS Groupware | =1.9.2 | |
| Tiki Wiki CMS Groupware | =1.9.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2006-6457?
CVE-2006-6457 is considered a high-severity vulnerability due to the potential exposure of sensitive MySQL credentials.
How do I fix CVE-2006-6457?
To fix CVE-2006-6457, update to a patched version of Tikiwiki that addresses this vulnerability, preferably a release later than 1.9.5.
What systems are affected by CVE-2006-6457?
CVE-2006-6457 affects Tikiwiki versions 1.9.2 and 1.9.5, and possibly other versions.
What type of attack does CVE-2006-6457 allow?
CVE-2006-6457 allows remote attackers to exploit the vulnerability by obtaining sensitive information through crafted input.
What information can be leaked through CVE-2006-6457?
CVE-2006-6457 can leak sensitive information such as MySQL username and password through error messages.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/tiki
- canonical/tiki wiki cms groupware
- version/tiki wiki cms groupware/1.9.2
- version/tiki wiki cms groupware/1.9.5