Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2014-9253

Published: 17/12/2014 Updated: 08/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Dokuwiki

Vulnerability Summary

The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki prior to 2014-09-29b allows remote malicious users to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.

Vulnerable Product Search on Vulmon Subscribe to Product

dokuwiki dokuwiki

mageia mageia 4.0

Vendor Advisories

Debian CVElist Bug Report Logs: dokuwiki: CVE-2015-2172: DokuWiki privilege escalation in RPC API
Debian Bug report logs - #779547 dokuwiki: CVE-2015-2172: DokuWiki privilege escalation in RPC API Package: src:dokuwiki; Maintainer for src:dokuwiki is Tanguy Ortolo <tanguy+debian@ortoloeu>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 2 Mar 2015 05:51:01 UTC Severity: grave Tags: fixed-upstre ...
Debian CVElist Bug Report Logs: dokuwiki: Insufficient escaping in user manager allows XSS attack
Debian Bug report logs - #780817 dokuwiki: Insufficient escaping in user manager allows XSS attack Package: dokuwiki; Maintainer for dokuwiki is Tanguy Ortolo <tanguy+debian@ortoloeu>; Source for dokuwiki is src:dokuwiki (PTS, buildd, popcon) Reported by: Rodrigo Campos <rodrigo@sdfgcomar> Date: Thu, 19 Mar 2015 2 ...
Debian CVElist Bug Report Logs: dokuwiki: CVE-2014-9253
Debian Bug report logs - #773429 dokuwiki: CVE-2014-9253 Package: dokuwiki; Maintainer for dokuwiki is Tanguy Ortolo <tanguy+debian@ortoloeu>; Source for dokuwiki is src:dokuwiki (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 18 Dec 2014 10:09:02 UTC Severity: important Tags: secu ...

References

CWE-79https://www.dokuwiki.org/changeshttp://security.szurek.pl/dokuwiki-20140929a-xss.htmlhttp://www.securitytracker.com/id/1031369https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960http://seclists.org/oss-sec/2014/q4/1050http://www.securityfocus.com/bid/71671http://advisories.mageia.org/MGASA-2014-0540.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/99291https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779547
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761command injectionCVE-2024-3676IDORCVE-2024-30039CVE-2024-32113CVE-2024-30049CVE-2024-4776SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook