CVE-2014-9253

Published: 17/12/2014 Updated: 08/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki prior to 2014-09-29b allows remote malicious users to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.

Vulnerable Product

dokuwiki dokuwiki

mageia mageia 4.0

Vendor Advisories

Debian Bug report logs - #779547 dokuwiki: CVE-2015-2172: DokuWiki privilege escalation in RPC API Package: src:dokuwiki; Maintainer for src:dokuwiki is Tanguy Ortolo <tanguy+debian@ortolo.eu>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 2 Mar 2015 05:51:01 UTC Severity: grave Tags: fixed-upstre ...

Debian Bug report logs - #780817 dokuwiki: Insufficient escaping in user manager allows XSS attack Package: dokuwiki; Maintainer for dokuwiki is Tanguy Ortolo <tanguy+debian@ortolo.eu>; Source for dokuwiki is src:dokuwiki (PTS, buildd, popcon) Reported by: Rodrigo Campos <rodrigo@sdfg.com.ar> Date: Thu, 19 Mar 2015 2 ...

Debian Bug report logs - #773429 dokuwiki: CVE-2014-9253 Package: dokuwiki; Maintainer for dokuwiki is Tanguy Ortolo <tanguy+debian@ortolo.eu>; Source for dokuwiki is src:dokuwiki (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Thu, 18 Dec 2014 10:09:02 UTC Severity: important Tags: secu ...