Published: 03/02/2018 Updated: 07/07/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.6 | Impact Score: 6 | Exploitability Score: 1.8

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote malicious users to run arbitrary programs.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dokuwiki dokuwiki
debian debian linux 7.0

Debian Bug report logs - #889281 dokuwiki: CVE-2017-18123: reflected file download vulnerability Package: src:dokuwiki; Maintainer for src:dokuwiki is Tanguy Ortolo <tanguy+debian@ortoloeu>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 3 Feb 2018 09:27:02 UTC Severity: serious Tags: fixed-upstre ...

CWE-20 https://vulnhive.com/2018/000004 https://hackerone.com/reports/238316 https://github.com/splitbrain/dokuwiki/pull/2019 https://github.com/splitbrain/dokuwiki/issues/2029 https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86 https://lists.debian.org/debian-lts-announce/2018/02/msg00004.html https://lists.debian.org/debian-lts-announce/2018/07/msg00004.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889281 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-18123

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect