cve-2006-6457
Vulnerability from cvelistv5
Published
2006-12-11 17:00
Modified
2024-08-07 20:26
Severity ?
EPSS score ?
Summary
tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T20:26:46.485Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20061125 Re: tikiwiki 1.9.5 mysql password disclosure & xss", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/452639/100/200/threaded", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-11-25T00:00:00", descriptions: [ { lang: "en", value: "tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-17T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20061125 Re: tikiwiki 1.9.5 mysql password disclosure & xss", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/452639/100/200/threaded", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-6457", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20061125 Re: tikiwiki 1.9.5 mysql password disclosure & xss", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/452639/100/200/threaded", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-6457", datePublished: "2006-12-11T17:00:00", dateReserved: "2006-12-11T00:00:00", dateUpdated: "2024-08-07T20:26:46.485Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tiki:tikiwiki_cms\\\\/groupware:1.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"035EEFAB-B46C-407F-BF8C-B33756D4EEC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tiki:tikiwiki_cms\\\\/groupware:1.9.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F437662-CD55-477B-9FEE-0CC4E6CB908D\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message.\"}, {\"lang\": \"es\", \"value\": \"tiki-wiki_rss.php en Tikiwiki 1.9.5, 1.9.2, y posiblemente otras versiones permite a atacantes remotos obtener informaci\\u00f3n sensible (nombre de usuario y contrase\\u00f1a MySQL) mediante un par\\u00e1metro ver inv\\u00e1lido (largo o negativo), lo cual filtra la informaci\\u00f3n en un mensaje de error.\"}]", id: "CVE-2006-6457", lastModified: "2024-11-21T00:22:44.020", metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2006-12-11T17:28:00.000", references: "[{\"url\": \"http://www.securityfocus.com/archive/1/452639/100/200/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/452639/100/200/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2006-6457\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-12-11T17:28:00.000\",\"lastModified\":\"2024-11-21T00:22:44.020\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message.\"},{\"lang\":\"es\",\"value\":\"tiki-wiki_rss.php en Tikiwiki 1.9.5, 1.9.2, y posiblemente otras versiones permite a atacantes remotos obtener información sensible (nombre de usuario y contraseña MySQL) mediante un parámetro ver inválido (largo o negativo), lo cual filtra la información en un mensaje de error.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tiki:tikiwiki_cms\\\\/groupware:1.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"035EEFAB-B46C-407F-BF8C-B33756D4EEC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tiki:tikiwiki_cms\\\\/groupware:1.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F437662-CD55-477B-9FEE-0CC4E6CB908D\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/archive/1/452639/100/200/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/452639/100/200/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.