Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-3996
Last Modified: 24 Oct 2012 12:00:00
Published: 12 Jul 2012 03:55:07
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-3996

Summary

TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.

Vulnerable Systems

Application

  • Tikiwiki 0.9

  • Tikiwiki 0.95

  • Tikiwiki 1.0

  • Tikiwiki 1.1

  • Tikiwiki 1.2

  • Tikiwiki 1.3

  • Tikiwiki 1.4

  • Tikiwiki 1.4.1

  • Tikiwiki 1.4.2

  • Tikiwiki 1.5

  • Tikiwiki 1.6

  • Tikiwiki 1.6.1

  • Tikiwiki 1.7

  • Tikiwiki 1.7.1

  • Tikiwiki 1.7.1.1

  • Tikiwiki 1.8

  • Tikiwiki 1.8.1

  • Tikiwiki 1.8.2

  • Tikiwiki 1.8.3

  • Tikiwiki 1.8.4

  • Tikiwiki 1.8.5

  • Tikiwiki 1.8.6

  • Tikiwiki 1.9

  • Tikiwiki 1.9 Rc1

  • Tikiwiki 1.9 Rc2

  • Tikiwiki 1.9 Rc3

  • Tikiwiki 1.9 Rc3.1

  • Tikiwiki 1.9.1

  • Tikiwiki 1.9.1.1

  • Tikiwiki 1.9.10

  • Tikiwiki 1.9.10.1

  • Tikiwiki 1.9.11

  • Tikiwiki 1.9.2

  • Tikiwiki 1.9.3

  • Tikiwiki 1.9.3.1

  • Tikiwiki 1.9.3.2

  • Tikiwiki 1.9.4

  • Tikiwiki 1.9.5

  • Tikiwiki 1.9.6

  • Tikiwiki 1.9.7

  • Tikiwiki 1.9.8

  • Tikiwiki 1.9.8.1

  • Tikiwiki 1.9.8.2

  • Tikiwiki 1.9.8.3

  • Tikiwiki 1.9.9

  • Tikiwiki 2.0

  • Tikiwiki 2.1

  • Tikiwiki 4.0

  • Tikiwiki 4.1

  • Tikiwiki 4.2

  • Tikiwiki 5.0

  • Tikiwiki 5.1

  • Tikiwiki 5.2

  • Tikiwiki 5.3

  • Tikiwiki 5.4

  • Tikiwiki 6.0

  • Tikiwiki 6.1

  • Tikiwiki 6.2

  • Tikiwiki 6.3

  • Tikiwiki 6.4

  • Tikiwiki 6.5

  • Tikiwiki 6.6

  • Tikiwiki 6.7

  • Tikiwiki 7.0

  • Tikiwiki 7.1

  • Tikiwiki 7.2

  • Tikiwiki 8.0

  • Tikiwiki 8.1

  • Tikiwiki 8.2

  • Tikiwiki 8.3

  • Tikiwiki CMS/Groupware 2.2

  • Tikiwiki CMS/Groupware 3.0

  • Tikiwiki CMS/Groupware 3.1

  • Tikiwiki CMS/Groupware 3.2

  • Tikiwiki CMS/Groupware 3.3

  • Tikiwiki CMS/Groupware 3.4

  • Tikiwiki CMS/Groupware 3.5

  • Tikiwiki CMS/Groupware 4

  • Tikiwiki CMS/Groupware 4.0

  • Tikiwiki CMS/Groupware 4.1

  • Tikiwiki CMS/Groupware 4.2

  • Tikiwiki CMS/Groupware 5.0

  • Tikiwiki CMS/Groupware 5.1

  • Tikiwiki CMS/Groupware 5.2

  • Tikiwiki CMS/Groupware 5.3

  • Tikiwiki CMS/Groupware 6.0

  • Tikiwiki CMS/Groupware 6.1

  • Tikiwiki CMS/Groupware 6.2

  • Tikiwiki CMS/Groupware 7.0

  • Tikiwiki CMS/Groupware 7.1

  • Tikiwiki CMS/Groupware 7.2

  • Tikiwiki CMS/Groupware 8.0

  • Tikiwiki CMS/Groupware 8.1

  • Tikiwiki CMS/Groupware 8.2


References

MISC - http://info.tiki.org/article191-Tiki-Releases-8-4

MISC - http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS

MISC - http://dev.tiki.org/item4109

OSVDB - 83533

EXPLOIT-DB - 19630

EXPLOIT-DB - 19573

BUGTRAQ - 20120704 [CVE-2012-0911] Tiki Wiki CMS Groupware <= 8.3

BUGTRAQ - 20120704 [CVE-2012-0911] Tiki Wiki CMS Groupware <= 8.3 "unserialize()" PHP Code Execution


Last Updated: 27 May 2016 11:01:14