CVE-2012-3354

DokuWiki - Unauthenticated Sensitive Information Exposure via Prefix Parameter

Title source: llm
STIX 2.1

Description

doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.

References (8)

Core 8
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/25/2
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=835145
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:073
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/24/2
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html

Scores

EPSS 0.0143
EPSS Percentile 69.8%

Details

CWE
CWE-200
Status published
Products (4)
dokuwiki/dokuwiki
fedoraproject/fedora 16
fedoraproject/fedora 17
fedoraproject/fedora 18
Published Nov 20, 2012
Tracked Since Feb 18, 2026