Multiple security issues in TikiWiki 1.9.x

2005.11.10
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-200


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SA0003 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++ Multiple security issues in TikiWiki 1.9.x +++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PUBLISHED ON Nov 09, 2005 PUBLISHED AT http://moritz-naumann.com/adv/0003/tikiw/0003.txt http://moritz-naumann.com/adv/0003/tikiw/0003.txt.sig PUBLISHED BY Moritz Naumann IT Consulting & Services Hamburg, Germany http://moritz-naumann.com/ info AT moritz HYPHON naumann D0T com GPG key: http://moritz-naumann.com/keys/0x277F060C.asc AFFECTED APPLICATION OR SERVICE TikiWiki http://tikiwiki.org/ AFFECTED VERSION 1.9.x up to and including 1.9.2 Possibly versions < 1.9 (untested) BACKGROUND "Tikiwiki is a full featured Free Software (GNU/LGPL) Wiki/CMS/Groupware written in PHP and maintained by an active and international community of benevolent contributors." ISSUE 1 (XSS) A XSS vulnerability has been detected in the fora code of TikiWiki. The problem is caused by insufficient input sanitation. The following partial URL demonstrates the issue: [baseURL]/tiki-view_forum_thread.php?forumId=1&comments_parentId=0&topic s_offset=10%22%20onmouseover='javascript:alert(document.title)%3B'%3E[PL EASE%20MOVE%20YOUR%20MOUSE%20POINTER%20HERE!]%20%3Cx%20y=%22 Please move your mouse pointer over the input field which says so. ISSUE 2 (Information Disclosure, possible SQL injection) The application discloses the installation path. This *may* also be useable to craft an SQL injection. The following partial URL demonstrates the issue: [baseURL]/tiki-view_forum_thread.php?forumId=1&comments_parentId=0&topic s_sort_mode=FOOBAH WORKAROUND Issue 1: Disable Javascript (client) or deny access to TikiWiki (server). Issue 2: Set PHP to log errors to file only (issue 2). SOLUTIONS We are not aware of a maintainer provided fix. TIMELINE Oct 6, 2005: Maintainer informed Oct 6, 2005: First maintainer reply Oct 14, 2005: Request for additional information sent to maintainer [in between]: issues fixed on maintainer website Nov 09, 2005: Public disclosure REFERENCES Issue 1: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3528 Issue 2: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3529 ADDITIONAL CREDIT N/A LICENSE Creative Commons Attribution-ShareAlike License Germany http://creativecommons.org/licenses/by-sa/2.0/de/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDcieHn6GkvSd/BgwRAvmjAJ0bAOZ/wvtJ6cxo0I6qbq09kMl8MgCZAYwp g/uC6sZOj1V9DCXo8XdOv3U= =IJXk -----END PGP SIGNATURE-----


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top