Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dokuwiki dokuwiki - vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2017-18123
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote malicious users to run arbitrary programs.
Dokuwiki Dokuwiki
Debian Debian Linux 7.0
9.3
CVSSv2
CVE-2009-1960
inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote malicious users to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also...
Dokuwiki Dokuwiki Rc2009-02-06
Dokuwiki Dokuwiki 2009-02-14
Dokuwiki Dokuwiki Rc2009-01-30
2 EDB exploits
7.5
CVSSv2
CVE-2010-0288
A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki prior to 2009-12-25b allows remote malicious users to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.
Dokuwiki Dokuwiki
Dokuwiki Dokuwiki 2006-03-05
Dokuwiki Dokuwiki 2005-09-19
Dokuwiki Dokuwiki 2005-07-13
Dokuwiki Dokuwiki 2005-09-22
Dokuwiki Dokuwiki 2006-03-09
Dokuwiki Dokuwiki 2005-07-01
Dokuwiki Dokuwiki 2004-07-04
Dokuwiki Dokuwiki 2004-07-07
Dokuwiki Dokuwiki 2004-07-12
Dokuwiki Dokuwiki 2004-07-21
Dokuwiki Dokuwiki 2004-07-25
Dokuwiki Dokuwiki 2004-08-08
Dokuwiki Dokuwiki 2004-08-15a
Dokuwiki Dokuwiki 2004-08-22
Dokuwiki Dokuwiki 2004-09-12
Dokuwiki Dokuwiki 2004-09-25
Dokuwiki Dokuwiki 2004-09-30
Dokuwiki Dokuwiki 2004-11-01
Dokuwiki Dokuwiki 2004-11-02
Dokuwiki Dokuwiki 2004-11-10
Dokuwiki Dokuwiki 2005-01-14
1 EDB exploit
7.5
CVSSv2
CVE-2006-5099
lib/exec/fetch.php in DokuWiki prior to 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.
Andreas Gohr Dokuwiki Release 2006-03-09
Andreas Gohr Dokuwiki Release 2006-03-09e
Andreas Gohr Dokuwiki Release 2006-03-05
7.5
CVSSv2
CVE-2006-4674
Direct static code injection vulnerability in doku.php in DokuWiki prior to 2006-030-09c allows remote malicious users to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.
Andreas Gohr Dokuwiki Release 2004-07-07
Andreas Gohr Dokuwiki Release 2004-08-08
Andreas Gohr Dokuwiki Release 2005-02-06
Andreas Gohr Dokuwiki Release 2005-01-16a
Andreas Gohr Dokuwiki Release 2004-09-12
Andreas Gohr Dokuwiki Release 2005-05-07
Andreas Gohr Dokuwiki Release 2004-07-25
Andreas Gohr Dokuwiki Release 2004-08-22
Andreas Gohr Dokuwiki Release 2004-09-25
Andreas Gohr Dokuwiki Release 2005-02-18
Andreas Gohr Dokuwiki
Andreas Gohr Dokuwiki Release 2005-09-22
Andreas Gohr Dokuwiki Release 2004-11-10
Andreas Gohr Dokuwiki Release 2005-01-15
Andreas Gohr Dokuwiki Release 2005-01-14
Andreas Gohr Dokuwiki Release 2004-07-04
Andreas Gohr Dokuwiki Release 2005-07-01
Andreas Gohr Dokuwiki Release 2004-07-21
Andreas Gohr Dokuwiki Release 2006-03-05
Andreas Gohr Dokuwiki Release 2005-07-13
Andreas Gohr Dokuwiki Release 2004-09-30
Andreas Gohr Dokuwiki Release 2004-08-15a
7.5
CVSSv2
CVE-2006-4675
Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki prior to 2006-03-09c allows remote malicious users to upload executable files into the data/media folder via unspecified vectors.
Andreas Gohr Dokuwiki Release 2004-07-07
Andreas Gohr Dokuwiki Release 2004-08-08
Andreas Gohr Dokuwiki Release 2005-02-06
Andreas Gohr Dokuwiki Release 2005-01-16a
Andreas Gohr Dokuwiki Release 2004-09-12
Andreas Gohr Dokuwiki Release 2005-05-07
Andreas Gohr Dokuwiki Release 2004-07-25
Andreas Gohr Dokuwiki Release 2004-08-22
Andreas Gohr Dokuwiki Release 2004-09-25
Andreas Gohr Dokuwiki Release 2005-02-18
Andreas Gohr Dokuwiki
Andreas Gohr Dokuwiki Release 2005-09-22
Andreas Gohr Dokuwiki Release 2004-11-10
Andreas Gohr Dokuwiki Release 2005-01-15
Andreas Gohr Dokuwiki Release 2005-01-14
Andreas Gohr Dokuwiki Release 2004-07-04
Andreas Gohr Dokuwiki Release 2005-07-01
Andreas Gohr Dokuwiki Release 2004-07-21
Andreas Gohr Dokuwiki Release 2006-03-05
Andreas Gohr Dokuwiki Release 2005-07-13
Andreas Gohr Dokuwiki Release 2004-09-30
Andreas Gohr Dokuwiki Release 2004-08-15a
7.5
CVSSv2
CVE-2006-2878
The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and previous versions allows remote malicious users to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (exe...
Andreas Gohr Dokuwiki Release 2004-07-07
Andreas Gohr Dokuwiki Release 2004-08-08
Andreas Gohr Dokuwiki Release 2005-02-06
Andreas Gohr Dokuwiki Release 2005-01-16a
Andreas Gohr Dokuwiki Release 2004-09-12
Andreas Gohr Dokuwiki Release 2005-05-07
Andreas Gohr Dokuwiki Release 2004-07-25
Andreas Gohr Dokuwiki Release 2004-08-22
Andreas Gohr Dokuwiki Release 2004-09-25
Andreas Gohr Dokuwiki Release 2005-02-18
Andreas Gohr Dokuwiki Release 2005-09-22
Andreas Gohr Dokuwiki Release 2004-11-10
Andreas Gohr Dokuwiki Release 2005-01-15
Andreas Gohr Dokuwiki
Andreas Gohr Dokuwiki Release 2005-01-14
Andreas Gohr Dokuwiki Release 2004-07-04
Andreas Gohr Dokuwiki Release 2005-07-01
Andreas Gohr Dokuwiki Release 2004-07-21
Andreas Gohr Dokuwiki Release 2006-03-05
Andreas Gohr Dokuwiki Release 2005-07-13
Andreas Gohr Dokuwiki Release 2004-09-30
Andreas Gohr Dokuwiki Release 2004-08-15a
7.5
CVSSv2
CVE-2004-2560
DokuWiki prior to 2004-10-19, when used on a web server that permits execution based on file extension, allows remote malicious users to execute arbitrary code by uploading a file with an appropriate extension such as ".php" or ".cgi".
Andreas Gohr Dokuwiki Release 2004-07-07
Andreas Gohr Dokuwiki Release 2004-08-08
Andreas Gohr Dokuwiki Release 2004-09-12
Andreas Gohr Dokuwiki Release 2004-07-25
Andreas Gohr Dokuwiki Release 2004-08-22
Andreas Gohr Dokuwiki Release 2004-09-25
Andreas Gohr Dokuwiki Release 2004-07-04
Andreas Gohr Dokuwiki Release 2004-07-21
Andreas Gohr Dokuwiki Release 2004-09-30
Andreas Gohr Dokuwiki Release 2004-08-15a
Andreas Gohr Dokuwiki Release 2004-07-12
7.5
CVSSv2
CVE-2004-2559
DokuWiki prior to 2004-10-19 allows remote malicious users to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks.
Andreas Gohr Dokuwiki Release 2004-07-07
Andreas Gohr Dokuwiki Release 2004-08-08
Andreas Gohr Dokuwiki Release 2004-09-12
Andreas Gohr Dokuwiki Release 2004-07-25
Andreas Gohr Dokuwiki Release 2004-08-22
Andreas Gohr Dokuwiki Release 2004-09-25
Andreas Gohr Dokuwiki Release 2004-07-04
Andreas Gohr Dokuwiki Release 2004-07-21
Andreas Gohr Dokuwiki Release 2004-09-30
Andreas Gohr Dokuwiki Release 2004-08-15a
Andreas Gohr Dokuwiki Release 2004-07-12
6.8
CVSSv2
CVE-2021-40904
The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web...
Tribe29 Checkmk
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »