DokuWiki < DokuWiki Release 2009-12-25 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 5302

Synopsis

The remote web server is hosting an application that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting a release of DokuWiki earlier than DokuWiki 2009-12-25. Such versions are potentially affected by multiple vulnerabilities:

- A security-bypass vulnerability that can be exploited through the 'cmd[save]', 'cmd[del]', and 'cmd[update]' parameters of the 'lib/plugins/acl/ajax.php' script.

- An information-disclosure vulnerability in the 'ns' parameter of the 'ajax.php' script.

Solution

Upgrade to DokuWiki Release 2009-12-25 or later.

See Also

http://www.dokuwiki.org/changes

Plugin Details

Severity: Medium

ID: 5302

Family: CGI

Published: 2010/01/15

Modified: 2016/02/05

Dependencies: 1442, 5036

Nessus ID: 44059

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

CVSSv3

Base Score: 6.4

Temporal Score: 5.9

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:X

Vulnerability Information

Patch Publication Date: 2010/01/13

Vulnerability Publication Date: 2010/01/13

Reference Information

CVE: CVE-2010-0287, CVE-2010-0288

BID: 37820, 37821