CVE-2006-6457

Published: Dec 11, 2006Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message.

Affected (2)

Products: Tiki: Tikiwiki Cms/groupware

1 product

Tikiwiki Cms/groupware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Tiki Tikiwiki Cms/groupware	Version 1.9.2
Tiki Tikiwiki Cms/groupware	Version 1.9.5

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://www.securityfocus.com/archive/1/452639/100/200/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/452639/100/200/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.