DokuWiki < DokuWiki Release 2009-12-25 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 5302
SynopsisThe remote web server is hosting an application that is vulnerable to multiple attack vectors.
DescriptionThe remote web server is hosting a release of DokuWiki earlier than DokuWiki 2009-12-25. Such versions are potentially affected by multiple vulnerabilities :
- A security-bypass vulnerability that can be exploited through the 'cmd[save]', 'cmd[del]', and 'cmd[update]' parameters of the 'lib/plugins/acl/ajax.php' script.
- An information-disclosure vulnerability in the 'ns' parameter of the 'ajax.php' script.
SolutionUpgrade to DokuWiki Release 2009-12-25 or later.