CVE-2016-10026

Published: 13/02/2017 | Updated: 04/11/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector (CVSS v2): AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote malicious users to revert certain changes by leveraging permissions to change the page before the revision was made.

Vulnerable Product

ikiwiki ikiwiki 3.20161219

Vendor Advisories

Multiple vulnerabilities have been found in the Ikiwiki wiki compiler:

CVE-2016-9646: Commit metadata forgery via CGI::FormBuilder context-dependent APIs
CVE-2016-10026: Editing restriction bypass for git revert
CVE-2017-0356: Authentication bypass via repeated parameters

Additional details on these vulnerabilities can be found at https: ...