PUBLISHED DATE: April 11, 2004CVE-2004-1923:
Tiki CMS/Groupware (TikiWiki) 1.8.1...

Description

Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message.

Products

• Tiki Wiki CMS/Groupware
• Tiki Tikiwiki CMS/Groupware 1.6.1
• Tiki Tikiwiki CMS/Groupware 1.8.1 (Polaris)

Questions to Ask Vendors

1. Can you confirm whether your systems are affected by CVE-2004-1923, and if so, what steps are you currently taking to mitigate this vulnerability?
2. What is your estimated timeline for fully resolving CVE-2004-1923 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

• Check out the advisory links provided below.

References

• http://webappsec.pbworks.com/Information-Leakage
• https://capec.mitre.org/data/definitions/116.html
• https://capec.mitre.org/data/definitions/13.html
• https://capec.mitre.org/data/definitions/169.html
• https://capec.mitre.org/data/definitions/22.html
• https://capec.mitre.org/data/definitions/224.html
• https://capec.mitre.org/data/definitions/285.html
• https://capec.mitre.org/data/definitions/287.html
• https://capec.mitre.org/data/definitions/290.html
• https://capec.mitre.org/data/definitions/291.html
• https://capec.mitre.org/data/definitions/292.html
• https://capec.mitre.org/data/definitions/293.html
• https://capec.mitre.org/data/definitions/294.html
• https://capec.mitre.org/data/definitions/295.html
• https://capec.mitre.org/data/definitions/296.html
• https://capec.mitre.org/data/definitions/297.html
• https://capec.mitre.org/data/definitions/298.html
• https://capec.mitre.org/data/definitions/299.html
• https://capec.mitre.org/data/definitions/300.html
• https://capec.mitre.org/data/definitions/301.html
• https://capec.mitre.org/data/definitions/302.html
• https://capec.mitre.org/data/definitions/303.html
• https://capec.mitre.org/data/definitions/304.html
• https://capec.mitre.org/data/definitions/305.html
• https://capec.mitre.org/data/definitions/306.html
• https://capec.mitre.org/data/definitions/307.html
• https://capec.mitre.org/data/definitions/308.html
• https://capec.mitre.org/data/definitions/309.html
• https://capec.mitre.org/data/definitions/310.html
• https://capec.mitre.org/data/definitions/312.html
• https://capec.mitre.org/data/definitions/313.html
• https://capec.mitre.org/data/definitions/317.html
• https://capec.mitre.org/data/definitions/318.html
• https://capec.mitre.org/data/definitions/319.html
• https://capec.mitre.org/data/definitions/320.html
• https://capec.mitre.org/data/definitions/321.html
• https://capec.mitre.org/data/definitions/322.html
• https://capec.mitre.org/data/definitions/323.html
• https://capec.mitre.org/data/definitions/324.html
• https://capec.mitre.org/data/definitions/325.html
• https://capec.mitre.org/data/definitions/326.html
• https://capec.mitre.org/data/definitions/327.html
• https://capec.mitre.org/data/definitions/328.html
• https://capec.mitre.org/data/definitions/329.html
• https://capec.mitre.org/data/definitions/330.html
• https://capec.mitre.org/data/definitions/472.html
• https://capec.mitre.org/data/definitions/497.html
• https://capec.mitre.org/data/definitions/508.html
• https://capec.mitre.org/data/definitions/573.html
• https://capec.mitre.org/data/definitions/574.html
• https://capec.mitre.org/data/definitions/575.html
• https://capec.mitre.org/data/definitions/576.html
• https://capec.mitre.org/data/definitions/577.html
• https://capec.mitre.org/data/definitions/59.html
• https://capec.mitre.org/data/definitions/60.html
• https://capec.mitre.org/data/definitions/616.html
• https://capec.mitre.org/data/definitions/643.html
• https://capec.mitre.org/data/definitions/646.html
• https://capec.mitre.org/data/definitions/651.html
• https://capec.mitre.org/data/definitions/79.html
• https://nvd.nist.gov/vuln/detail/CVE-2004-1923