CVE-2012-3354
DokuWiki - Unauthenticated Sensitive Information Exposure via Prefix Parameter
Title source: llmDescription
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.
References (8)
Core 8
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/25/2
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=835145
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:073
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/24/2
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html
Various Sources x_refsource_misc
http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure
Scores
EPSS
0.0143
EPSS Percentile
69.8%
Details
CWE
CWE-200
Status
published
Products (4)
dokuwiki/dokuwiki
fedoraproject/fedora
16
fedoraproject/fedora
17
fedoraproject/fedora
18
Published
Nov 20, 2012
Tracked Since
Feb 18, 2026