Home > Vulnerability Database > CVE-2012-3354

Mend.io Vulnerability Database

CVE-2012-3354

Date: November 19, 2012

doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.

Severity Score

6.1

Related Resources (11)

Url: http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=835145

Url: http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html

Url: https://security-tracker.debian.org/tracker/CVE-2012-3354

Url: http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2013:073

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-3354

Url: http://www.openwall.com/lists/oss-security/2012/06/24/2

Url: http://www.openwall.com/lists/oss-security/2012/06/25/2

Url: http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure

Url: https://www.mend.io/vulnerability-database/CVE-2012-3354

Severity Score

6.1

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-3354

Date: November 19, 2012

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?