TikiWiki Multiple Script Empty sort_mode Parameter MySQL Authentication Credential Disclosure

2006-11-01T08:03:50
ID OSVDB:30172
Type osvdb
Reporter OSVDB
Modified 2006-11-01T08:03:50

Description

Manual Testing Notes

/tiki-listpages.php?offset=0&sort_mode=
/tiki-lastchanges.php?days=1&offset=0&sort_mode=
/messu-archive.php?sort_mode=
/messu-mailbox.php?sort_mode=
/messu-sent.php?sort_mode=
/tiki-directory_add_site.php?sort_mode=
/tiki-directory_ranking.php?sort_mode=
/tiki-directory_search.php?sort_mode=
/tiki-forums.php?sort_mode=
/tiki-view_forum.php?forumId=
/tiki-friends.php?sort_mode=
/tiki-list_blogs.php?sort_mode=
/tiki-list_faqs.php?sort_mode=
/tiki-list_trackers.php?sort_mode=
/tiki-list_users.php?sort_mode=
/tiki-my_tiki.php?sort_mode=
/tiki-notepad_list.php?sort_mode=
/tiki-orphan_pages.php?sort_mode=
/tiki-shoutbox.php?sort_mode=
/tiki-usermenu.php?sort_mode=
/tiki-webmail_contacts.php?sort_mode=

References:

Vendor URL: http://tikiwiki.org/
Secunia Advisory ID: 23039
Secunia Advisory ID: 22678
Related OSVDB ID: 30173
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200611-11.xml
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0014.html
ISS X-Force ID: 29960
FrSIRT Advisory: ADV-2006-4316
CVE-2006-5702
Bugtraq ID: 20858