DokuWiki < DokuWiki Release 2009-12-25 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 5302


The remote web server is hosting an application that is vulnerable to multiple attack vectors.


The remote web server is hosting a release of DokuWiki earlier than DokuWiki 2009-12-25. Such versions are potentially affected by multiple vulnerabilities :

- A security-bypass vulnerability that can be exploited through the 'cmd[save]', 'cmd[del]', and 'cmd[update]' parameters of the 'lib/plugins/acl/ajax.php' script.

- An information-disclosure vulnerability in the 'ns' parameter of the 'ajax.php' script.


Upgrade to DokuWiki Release 2009-12-25 or later.

See Also

Plugin Details

Severity: Medium

ID: 5302

Family: CGI

Published: 2010/01/15

Modified: 2016/02/05

Dependencies: 1442, 5036

Nessus ID: 44059

Risk Information

Risk Factor: Medium


Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


Base Score: 6.4

Temporal Score: 5.9


Temporal Vector: CVSS3#E:F/RL:O/RC:X

Vulnerability Information

Patch Publication Date: 2010/01/13

Vulnerability Publication Date: 2010/01/13

Reference Information

CVE: CVE-2010-0287, CVE-2010-0288

BID: 37820, 37821