Lucene search

Ubuntu.comUB:CVE-2006-6457

HistoryDec 11, 2006 - 12:00 a.m.

CVE-2006-6457

2006-12-1100:00:00

ubuntu.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.0%

JSON

tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions
allows remote attackers to obtain sensitive information (MySQL username and
password) via an invalid (large or negative) ver parameter, which leaks the
information in an error message.

References

launchpad.net/bugs/cve/CVE-2006-6457

nvd.nist.gov/vuln/detail/CVE-2006-6457

security-tracker.debian.org/tracker/CVE-2006-6457

www.cve.org/CVERecord?id=CVE-2006-6457

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.0%

JSON

Related for UB:CVE-2006-6457