DokuWiki < DokuWiki Release 2009-12-25 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 5302

Synopsis

The remote web server is hosting an application that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting a DokuWiki release earlier than Release 2009-12-25. Such versions are potentially affected by multiple vulnerabilities:

- A security-bypass vulnerability that can be exploited through the 'cmd[save]', 'cmd[del]', and 'cmd[update]' parameters of the 'lib/plugins/acl/ajax.php' script.

- An information-disclosure vulnerability in the 'ns' parameter of the 'ajax.php' script.

Solution

Upgrade to DokuWiki Release 2009-12-25 or later.

See Also

http://www.dokuwiki.org/changes

Plugin Details

Severity: Medium

ID: 5302

Family: CGI

Published: 1/15/2010

Updated: 3/6/2019

Nessus ID: 44059

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:dokuwiki:dokuwiki

Patch Publication Date: 1/13/2010

Vulnerability Publication Date: 1/13/2010

Reference Information

CVE: CVE-2010-0287, CVE-2010-0288

BID: 37820, 37821