Gentoo: GLSA-202311-02 Critical: TikiWiki Database Setup Security Flaw

gentoo
November 20, 2006
Gentoo advisory GLSA 200611-12 highlights vulnerabilities in TikiWiki concerning PostgreSQL authentication and CSRF.
TikiWiki allows for the disclosure of MySQL database authentication credentials and for cross-site scripting attacks.

Summary

Gentoo Linux Security Advisory GLSA 200611-11
https://security.gentoo.org/

Severity: Normal
Title: TikiWiki: Multiple vulnerabilities
Date: November 20, 2006
Bugs: #153820
ID: 200611-11

Synopsis
========

TikiWiki allows for the disclosure of MySQL database authentication credentials and for cross-site scripting attacks.

Background
==========

TikiWiki is an open source content management system written in PHP.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  www-apps/tikiwiki        < 1.9.6                         >= 1.9.6

Description
===========

In numerous files TikiWiki provides an empty sort_mode parameter, causing TikiWiki to display additional information, including database authentication crede...
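
One way to check web server access logs for the condition described above, as an added example that is not part of the advisory: it flags requests in which sort_mode is present but empty. The log lines, paths, the combined log format and the function name find_empty_sort_mode are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in combined log format; not real traffic.
# The PHP file names are hypothetical placeholders, not taken from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Nov/2006:10:01:02 +0000] "GET /tiki/tiki-example_list.php?sort_mode=name_asc HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [20/Nov/2006:10:03:17 +0000] "GET /tiki/tiki-example_list.php?offset=0&sort_mode= HTTP/1.1" 200 9211 "-" "Mozilla/5.0"
192.0.2.44 - - [20/Nov/2006:10:03:20 +0000] "GET /tiki/tiki-example_changes.php?sort_mode HTTP/1.1" 200 8790 "-" "Mozilla/5.0"
192.0.2.10 - - [20/Nov/2006:10:05:41 +0000] "GET /tiki/tiki-example_index.php?page=HomePage HTTP/1.1" 200 4300 "-" "Mozilla/5.0"
this line is not a log entry
"""

# client, identd, user, [timestamp], "METHOD target PROTOCOL", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def find_empty_sort_mode(log_text):
    """Return (client, timestamp, path, status) for each request whose
    query string carries sort_mode with an empty or whitespace-only value."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        client, timestamp, _method, target, status = match.groups()
        parts = urlsplit(target)
        # keep_blank_values=True keeps "sort_mode=" and bare "sort_mode",
        # which parse_qsl would otherwise drop silently.
        params = parse_qsl(parts.query, keep_blank_values=True)
        if any(key == "sort_mode" and not value.strip() for key, value in params):
            hits.append((client, timestamp, parts.path, int(status)))
    return hits


if __name__ == "__main__":
    for client, timestamp, path, status in find_empty_sort_mode(SAMPLE_LOG):
        print(f"{timestamp} {client} {path} status={status}")
```

Only query strings are visible in access logs, so a sort_mode sent in a POST body would not appear here.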

Severity
critical