Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200611-11] TikiWiki: Multiple vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
TikiWiki: Multiple vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200611-11
(TikiWiki: Multiple vulnerabilities)
In numerous files TikiWiki provides an empty sort_mode parameter,
causing TikiWiki to display additional information, including database
authentication credentials, in certain error messages. TikiWiki also
improperly sanitizes the "url" request variable sent to
A possible hacker could cause a database error in various pages of a TikiWiki
instance by providing an empty sort_mode request variable, and gain
unauthorized access to credentials of the MySQL databases used by
TikiWiki. A possible hacker could also entice a user to browse to a specially
crafted URL that could run scripts in the scope of the user's browser.
There is no known workaround at this time.
All TikiWiki users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.6"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.