PT-2010-2082 · Dokuwiki · Dokuwiki

Publicado

2010-02-15

Atualizado

2019-09-23

CVE-2010-0288

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions DokuWiki versions prior to 2009-12-25b

Description A typo in the administrator permission check in the ACL Manager plugin allows remote attackers to gain privileges and access closed wikis by editing current ACL statements. This issue has been exploited in the wild.

Recommendations For versions prior to 2009-12-25b, update to a version that includes the fix for the administrator permission check in the ACL Manager plugin. As a temporary workaround, consider restricting access to the ACL Manager plugin to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2010-0288

DSA-1976-1

Produtos afetados

Dokuwiki

PT-2010-2082 · Dokuwiki · Dokuwiki

CVE-2010-0288

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 21