//tikiwiki version 1.9.5 (CVS) -Sirius- (PoC)
// Product: Tikiwiki
// URL: http://tikiwiki.org/
// RISK: critical
There's a critical security bug in tikiwiki version 1.9.5 (CVS) -Sirius-.
An anonymous user can dump the MySQL user & passwd just by creating a MySQL error with the "sort_mode" var, with the following links :
There's also an XSS here :
/tiki-featured_link.php?type=f&url=" ></iframe><scr</script>ipt>alert('XSS')</scri</script>pt> <!--
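Added illustration (not part of the original report or of Tikiwiki's code): the nested </script> tags in the payload above are built to survive a filter that strips script tags in one pass; the hypothetical Python below contrasts such a strip-based filter with attribute-context encoding, which is the fix that actually holds. The template strings are assumptions standing in for whatever tiki-featured_link.php emits.

```python
import html
import re

# Payload copied from the report above (constructed input for the demo).
ADVISORY_PAYLOAD = '" ></iframe><scr</script>ipt>alert(\'XSS\')</scri</script>pt> <!--'


def naive_strip_script(value: str) -> str:
    """Single-pass removal of <script>/</script> tags, the kind of filter the
    nested payload defeats: removing the inner </script> rebuilds <script>."""
    return re.sub(r'</?script\s*>', '', value, flags=re.IGNORECASE)


def render_attribute_unsafe(url: str) -> str:
    """Hypothetical vulnerable template: user value lands in a quoted attribute
    after only the strip filter, so a leading quote still closes the attribute."""
    return f'<iframe src="{naive_strip_script(url)}"></iframe>'


def render_attribute_safe(url: str) -> str:
    """Mitigation: encode for the HTML attribute context instead of stripping.
    Quotes and angle brackets become entities, so no tag or attribute boundary
    can be injected regardless of how the input is nested."""
    return f'<iframe src="{html.escape(url, quote=True)}"></iframe>'


def contains_script_tag(markup: str) -> bool:
    """Detection helper: does the rendered markup contain a live <script> tag?"""
    return re.search(r'<script\s*>', markup, re.IGNORECASE) is not None


if __name__ == "__main__":
    print("strip filter  :", contains_script_tag(render_attribute_unsafe(ADVISORY_PAYLOAD)))
    print("attr encoding :", contains_script_tag(render_attribute_safe(ADVISORY_PAYLOAD)))
```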
- fixed for 1.9 CVS
- xss vulnerability fixed
merge into 1.10 on the way
1.9.6 in CVS, needs ppc lovin'
ppc stable, this one's ready for GLSA decision.
security please vote
Hm, I would not want my users know my database credentials. I know some bigger organizations that use Tikiwiki for their Intranets, so I guess I'll say "yes" here.
Voting YES. Let's have GLSA on this one.