CVE-2010-0288

Severity

75%

Complexity

99%

Confidentiality

106%

A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.

A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

DokuWiki

First reported 15 years ago

2010-02-15 18:30:00

Last updated 5 years ago

2019-09-23 18:13:00

Affected Software

DokuWiki 2004-07-04

2004-07-04

DokuWiki 2004-07-07

2004-07-07

DokuWiki 2004-07-12

2004-07-12

DokuWiki 2004-07-21

2004-07-21

DokuWiki 2004-07-25

2004-07-25

DokuWiki 2004-08-08

2004-08-08

DokuWiki 2004-08-15a

2004-08-15a

DokuWiki 2004-08-22

2004-08-22

DokuWiki 2004-09-12

2004-09-12

DokuWiki 2004-09-25

2004-09-25

DokuWiki 2004-09-30

2004-09-30

DokuWiki 2004-11-01

2004-11-01

DokuWiki 2004-11-02

2004-11-02

DokuWiki 2004-11-10

2004-11-10

DokuWiki 2005-01-14

2005-01-14

DokuWiki 2005-01-15

2005-01-15

DokuWiki 2005-01-16a

2005-01-16a

DokuWiki 2005-02-06

2005-02-06

DokuWiki 2005-02-18

2005-02-18

DokuWiki 2005-05-07

2005-05-07

DokuWiki 2005-07-01

2005-07-01

DokuWiki 2005-07-13

2005-07-13

DokuWiki 2005-09-19

2005-09-19

DokuWiki 2005-09-22

2005-09-22

DokuWiki 2006-03-05

2006-03-05

DokuWiki 2006-03-09

2006-03-09

DokuWiki 2006-03-09e

2006-03-09e

DokuWiki 2006-06-04

2006-06-04

References

http://bugs.splitbrain.org/index.php?do=details&task_id=1847

FEDORA-2010-0770

FEDORA-2010-0800

61710

38183

Vendor Advisory

GLSA-201301-07

DSA-1976

11141

37820

http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security

ADV-2010-0150

dokuwiki-ajax-security-bypass(55661)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.