The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote malicious users to run arbitrary programs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dokuwiki dokuwiki |
||
debian debian linux 7.0 |