Main Vulnerability Database Vulnerabilities #VU43324

Information disclosure in DokuWiki - CVE-2012-3354

Published: November 20, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43324

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-3354

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: DokuWiki

Affected software:
DokuWiki

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.

How to mitigate CVE-2012-3354

Install update from vendor's website.

Sources

http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html
http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure
http://www.mandriva.com/security/advisories?name=MDVSA-2013:073
http://www.openwall.com/lists/oss-security/2012/06/24/2
http://www.openwall.com/lists/oss-security/2012/06/25/2
https://bugzilla.redhat.com/show_bug.cgi?id=835145

Information disclosure in DokuWiki - CVE-2012-3354

Detailed vulnerability description

How to mitigate CVE-2012-3354

Sources

Please verify you're human