Improper access control in DokuWiki - CVE-2010-0288

 


Published: March 24, 2017 / Updated: September 14, 2018


Vulnerability identifier: #VU6180
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2010-0288
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: DokuWiki
Affected software:
DokuWiki

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented access controls.

The vulnerability exists due to a typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b. A remote attacker can access closed wikis by editing current ACL statements.

Successful exploitation of the vulnerability may allow an attacker to gain unauthorized access to the website.
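The advisory's "before 2009-12-25b" boundary can be checked across an inventory of installations. The Python below is an added example, not part of the original advisory or of DokuWiki's code. It assumes release strings of the form date, optional hotfix letter, optional quoted codename, with an optional `rc` prefix; the host names and sample strings are constructed.

```python
import re
from datetime import date

# Fixed release named in the advisory: versions before 2009-12-25b are affected.
FIXED = (date(2009, 12, 25), "b")

# Assumed release-string shape: optional "rc" prefix, ISO date, optional
# hotfix letter, optional quoted codename (e.g. '2009-12-25c "Codename"').
_RELEASE = re.compile(r'^\s*(?:rc)?(\d{4})-(\d{2})-(\d{2})([a-z]?)(?:\s+"[^"]*")?\s*$')


def parse_release(text):
    """Return (release_date, hotfix_letter) or raise ValueError."""
    m = _RELEASE.match(text)
    if not m:
        raise ValueError(f"unrecognised DokuWiki release string: {text!r}")
    y, mo, d, letter = m.groups()
    return date(int(y), int(mo), int(d)), letter  # date() rejects e.g. 2009-13-40


def is_affected(text):
    """True if the release predates the fixed version 2009-12-25b."""
    # Tuple comparison: date first, then hotfix letter ("" < "a" < "b").
    return parse_release(text) < FIXED


def audit(inventory):
    """Map each host to 'affected', 'fixed' or 'unknown' (needs manual check)."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = "affected" if is_affected(version) else "fixed"
        except ValueError:
            report[host] = "unknown"
    return report


# Constructed inventory for illustration; hosts and strings are not from the advisory.
SAMPLE = {
    "wiki-a.example": '2009-12-25 "Codename"',
    "wiki-b.example": "2009-12-25a",
    "wiki-c.example": "2009-12-25b",
    "wiki-d.example": "rc2009-12-02",
    "wiki-e.example": "2018-04-22b",
    "wiki-f.example": "git-master",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Installations reported as `unknown` carry a version string the parser does not recognise and need a manual check rather than being assumed fixed.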
