Dokuwiki · Dokuwiki · CVE-2018-15474
**Name of the Vulnerable Software and Affected Versions**
DokuWiki versions 2018-04-22a and earlier
**Description**
The issue allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export in the /lib/plugins/usermanager/admin.php file. The vendor has stated that this is not a security problem in DokuWiki.
**Recommendations**
For DokuWiki versions 2018-04-22a and earlier, consider disabling the CSV export feature in the /lib/plugins/usermanager/admin.php file until a resolution is provided by the vendor.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.