Published: 13/04/2018 Updated: 18/05/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

A flaw, similar to to CVE-2016-9646, exists in ikiwiki prior to 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an malicious user to bypass authentication via repeated parameters.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ikiwiki ikiwiki
debian debian linux 7.0
debian debian linux 8.0

Multiple vulnerabilities have been found in the Ikiwiki wiki compiler: CVE-2016-9646 Commit metadata forgery via CGI::FormBuilder context-dependent APIs CVE-2016-10026 Editing restriction bypass for git revert CVE-2017-0356 Authentication bypass via repeated parameters Additional details on these vulnerabilities can be found at https: ...

CWE-287 https://www.debian.org/security/2017/dsa-3760 https://ikiwiki.info/security/#cve-2017-0356 https://marc.info/?l=oss-security&m=148418234314276&w=2 http://www.securityfocus.com/bid/95420 https://nvd.nist.gov https://www.debian.org/security/./dsa-3760

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-0356

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect