Lucene search

MitreCVE-2005-3529

HistoryNov 20, 2005 - 10:03 p.m.

CVE-2005-3529

2005-11-2022:03:00

CWE-200

mitre

web.nvd.nist.gov

security

tikiwiki

remote attackers

sql injection

vulnerability

installation path

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.6

Confidence

Low

EPSS

0.012

Percentile

85.0%

JSON

tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability.

Affected configurations

Nvd

Node

tikitikiwiki_cms\/groupwareMatch1.9.0

tikitikiwiki_cms\/groupwareMatch1.9.1

tikitikiwiki_cms\/groupwareMatch1.9.2

VendorProductVersionCPE
tikitikiwiki_cms\/groupware1.9.0cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:*:*:*:*:*:*:*
tikitikiwiki_cms\/groupware1.9.1cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.1:*:*:*:*:*:*:*
tikitikiwiki_cms\/groupware1.9.2cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tiki	tikiwiki_cms\/groupware	1.9.0	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:::::::*
tiki	tikiwiki_cms\/groupware	1.9.1	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.1:::::::*
tiki	tikiwiki_cms\/groupware	1.9.2	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.2:::::::*

References

moritz-naumann.com/adv/0003/tikiw/0003.txt

secunia.com/advisories/17521

securityreason.com/securityalert/165

www.osvdb.org/20711

www.securityfocus.com/archive/1/416152/30/0/threaded

www.vupen.com/english/advisories/2005/2376

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.6

Confidence

Low

EPSS

0.012

Percentile

85.0%

JSON

Related for CVE-2005-3529