6.5
CVSSv2

CVE-2015-2172

Published: 30/03/2015 Updated: 05/02/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

DokuWiki prior to 2014-05-05d and prior to 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.

dokuwiki dokuwiki

Vendor Advisories

Debian Bug report logs - #779547 dokuwiki: CVE-2015-2172: DokuWiki privilege escalation in RPC API. Package: src:dokuwiki; Maintainer for src:dokuwiki is Tanguy Ortolo <tanguy+debian@ortolo.eu>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 2 Mar 2015 05:51:01 UTC; Severity: grave; Tags: fixed-upstre ...
Debian Bug report logs - #780817 dokuwiki: Insufficient escaping in user manager allows XSS attack. Package: dokuwiki; Maintainer for dokuwiki is Tanguy Ortolo <tanguy+debian@ortolo.eu>; Source for dokuwiki is src:dokuwiki; Reported by: Rodrigo Campos <rodrigo@sdfg.com.ar>; Date: Thu, 19 Mar 2015 2 ...
Debian Bug report logs - #773429 dokuwiki: CVE-2014-9253. Package: dokuwiki; Maintainer for dokuwiki is Tanguy Ortolo <tanguy+debian@ortolo.eu>; Source for dokuwiki is src:dokuwiki; Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Thu, 18 Dec 2014 10:09:02 UTC; Severity: important; Tags: secu ...