CVE-2006-6457

Tikiwiki <1.9.5-1.9.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message.

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/452639/100/200/threaded

Scores

EPSS 0.0118
EPSS Percentile 64.1%

Details

CWE
CWE-200
Status published
Products (2)
tiki/tikiwiki_cms\/groupware 1.9.2
tiki/tikiwiki_cms\/groupware 1.9.5
Published Dec 11, 2006
Tracked Since Feb 18, 2026