SB2010011402 - Improper access control in DokuWiki




Published: January 14, 2010

Security Bulletin ID: SB2010011402
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper access control (CVE-ID: CVE-2010-0288)

The vulnerability allows a remote attacker to bypass implemented access controls.

The vulnerability exists due to a typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b. A remote attacker can access closed wikis by editing current ACL statements.

Successful exploitation of the vulnerability may allow an attacker to gain unauthorized access to the website.

Remediation

Install the update from the vendor's website.

References