Product

Dokuwiki Release 2004 09 25


View All Versions

Vulnerability History

Weakness Analysis

Related Vulnerabilities

Vulnerability Severity Score Release Date Summary
CVE-2010-0288 7.5 Feb. 15, 2010

A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.

CVE-2010-0289 6.8 Feb. 15, 2010

Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors.

CVE-2010-0287 5.0 Feb. 15, 2010

Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.

CVE-2010-0288 7.5 Feb. 15, 2010

A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.

CVE-2010-0287 5.0 Feb. 15, 2010

Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.

Followers