CVE-2012-3996

2022-10-0316:15:22

mitre

www.cve.org

tikiwiki

groupware

installation path

6.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.6%

JSON

TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.

References

archives.neohapsis.com/archives/bugtraq/2012-07/0020.html

dev.tiki.org/item4109

info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS

info.tiki.org/article191-Tiki-Releases-8-4

www.exploit-db.com/exploits/19573

www.exploit-db.com/exploits/19630

www.osvdb.org/83533