CVE-2006-5702 in Tikiwikiinfo

Summary

by MITRE

Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 04/26/2026

The vulnerability described in CVE-2006-5702 represents a critical information disclosure flaw in Tikiwiki 1.9.5 that exposes sensitive database credentials through improper error handling mechanisms. This vulnerability affects multiple core components of the Tikiwiki application, specifically targeting pages that handle various user interactions including forum management, directory navigation, messaging systems, and user administration functions. The flaw occurs when an attacker submits an empty sort_mode parameter to any of the listed PHP scripts, which triggers database queries that inadvertently expose MySQL username and password information through error messages generated by the application.

The technical implementation of this vulnerability stems from inadequate input validation and error handling practices within the Tikiwiki codebase. When the sort_mode parameter is left empty or malformed, the application fails to properly sanitize or validate this input before passing it to database query functions. This results in database error messages being generated and subsequently displayed to the remote attacker, revealing sensitive information including database connection credentials. The vulnerability aligns with CWE-200, which specifically addresses improper error handling that leads to information disclosure, and demonstrates poor input sanitization practices that violate fundamental security principles. The attack vector is particularly concerning because it requires minimal privileges and can be executed through simple HTTP requests without authentication.

The operational impact of this vulnerability extends beyond simple credential exposure, as it provides attackers with direct access to the underlying database infrastructure. Once an attacker obtains the MySQL credentials, they can potentially escalate their privileges within the application, access user data, modify content, or even compromise the entire database server. The vulnerability affects a comprehensive list of 21 different PHP files, indicating a systemic issue within the application's architecture rather than isolated code problems. This widespread exposure across multiple functional areas of the application means that attackers can leverage this information to compromise various aspects of the system, including user management, content creation, and communication features.

Security practitioners should note that this vulnerability demonstrates the importance of implementing proper error handling and input validation measures as outlined in the OWASP Top Ten security principles. The flaw also relates to ATT&CK technique T1212, which involves exploitation of software vulnerabilities to obtain information, and T1566, which covers social engineering through credential exposure. Organizations should immediately implement mitigations including disabling error messages in production environments, implementing proper input validation for all user-supplied parameters, and ensuring that database credentials are properly abstracted from error reporting mechanisms. Additionally, regular security audits should be conducted to identify similar input validation issues across all application components, as this vulnerability type remains prevalent in legacy web applications and underscores the critical need for comprehensive security testing throughout the software development lifecycle.

Reservation

11/03/2006

Disclosure

11/03/2006

Moderation

accepted

Entry

VDB-33098

CPE

ready

Exploit

Download

EPSS

0.53067

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!