CVE-2011-3727

Name of the Vulnerable Software and Affected Versions DokuWiki version 2009-12-25c

Description The issue allows remote attackers to obtain sensitive information via a direct request to a .php file. This is demonstrated by requesting files such as lib/tpl/index.php, which reveals the installation path in an error message.

Recommendations For DokuWiki version 2009-12-25c, consider restricting direct access to .php files to minimize the risk of exploitation. As a temporary workaround, limit access to sensitive files such as lib/tpl/index.php until a more permanent solution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.