CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-3354

doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 67.0%

CVSS Severity

CVSS v2 Score 4.3

References

http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html
http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure
http://www.mandriva.com/security/advisories?name=MDVSA-2013:073
http://www.openwall.com/lists/oss-security/2012/06/24/2
http://www.openwall.com/lists/oss-security/2012/06/25/2
https://bugzilla.redhat.com/show_bug.cgi?id=835145
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html
http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure
http://www.mandriva.com/security/advisories?name=MDVSA-2013:073
http://www.openwall.com/lists/oss-security/2012/06/24/2
http://www.openwall.com/lists/oss-security/2012/06/25/2
https://bugzilla.redhat.com/show_bug.cgi?id=835145

Products affected by CVE-2012-3354

Dokuwiki » Dokuwiki » Version: N/A

cpe:2.3:a:dokuwiki:dokuwiki:-
Fedoraproject » Fedora » Version: 16

cpe:2.3:o:fedoraproject:fedora:16
Fedoraproject » Fedora » Version: 17

cpe:2.3:o:fedoraproject:fedora:17
Fedoraproject » Fedora » Version: 18

cpe:2.3:o:fedoraproject:fedora:18

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-3354

Products

Pricing

Contact Us