inc/template.php in DokuWiki prior to 2014-05-05a only checks for access to the root namespace, which allows remote malicious users to access arbitrary images via a media file details ajax call.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dokuwiki dokuwiki |