oss-sec mailing list archives

Re: CVE request: tikiwiki < 2.0

From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 12 Aug 2008 20:37:36 -0400 (EDT)


These were SPLIT since CVE-2008-3654, while unspecified, has more specific
consequences that suggest certain bug types (e.g. an accessible
phpinfo()), whereas the others convey no information whatsoever.


======================================================
Name: CVE-2008-3653
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3653
Reference: CONFIRM:http://info.tikiwiki.org/tiki-read_article.php?articleId=35

Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before
2.0 have unknown impact and attack vectors.


======================================================
Name: CVE-2008-3654
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3654
Reference: CONFIRM:http://info.tikiwiki.org/tiki-read_article.php?articleId=35
Reference: CONFIRM:http://tikiwiki.org/ReleaseNotes20

Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows
attackers to obtain "path and PHP configuration" via unknown vectors.

Current thread:

CVE request: tikiwiki < 2.0 Hanno Böck (Aug 12)
- Re: CVE request: tikiwiki < 2.0 Steven M. Christey (Aug 12)