Published: 22/10/2014 Updated: 04/04/2016

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The ajax_mediadiff function in DokuWiki prior to 2014-05-05a allows remote malicious users to access arbitrary images via a crafted namespace in the ns parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dokuwiki dokuwiki

Debian Bug report logs - #766545 CVE-2014-8763 CVE-2014-8764 Package: dokuwiki; Maintainer for dokuwiki is Tanguy Ortolo <tanguy+debian@ortoloeu>; Source for dokuwiki is src:dokuwiki (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 23 Oct 2014 21:12:19 UTC Severity: important Tags: ...

Two vulnerabilities have been discovered in dokuwiki Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication For the stable distribution (wheezy), these problems have been fixed in version 0020120125b-2+deb7u1 For the unstable distribution (sid), ...

CWE-200 http://www.openwall.com/lists/oss-security/2014/10/13/3 http://www.openwall.com/lists/oss-security/2014/10/16/9 http://www.securityfocus.com/bid/70404 https://github.com/splitbrain/dokuwiki/issues/765 http://www.debian.org/security/2014/dsa-3059 http://secunia.com/advisories/61983 http://advisories.mageia.org/MGASA-2014-0438.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766545 https://nvd.nist.gov https://www.debian.org/security/./dsa-3059

CVE-2014-8762

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect