FreeBSD : dokuwiki -- multiple vulnerabilities (23573650-f99a-11da-994e-00142a5f241c)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Multiple vulnerabilities have been reported within dokuwiki. dokuwiki
is proven vulnerable to :

- arbitrary PHP code insertion via spellcheck module,

- XSS attack via 'Update your account profile,'

- bypassing of ACL controls when enabled.

See also :

http://bugs.splitbrain.org/index.php?do=details&id=820
http://bugs.splitbrain.org/index.php?do=details&id=823
http://bugs.splitbrain.org/index.php?do=details&id=825
http://www.nessus.org/u?6369101f

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21701 (freebsd_pkg_23573650f99a11da994e00142a5f241c.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now