CVE-2012-3354

Published: Nov 20, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.

Affected (4)

Products: Dokuwiki: Dokuwiki · Fedoraproject: Fedora

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Dokuwiki Dokuwiki	All versions
Fedoraproject Fedora	Version 16
Fedoraproject Fedora	Version 17
Fedoraproject Fedora	Version 18

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (16)

http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html

Source: secalert@redhat.com

http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2013:073

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/06/24/2

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/06/25/2

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=835145

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html