CVE-2016-7964

Name of the Vulnerable Software and Affected Versions DokuWiki versions 2016-06-26a and older

Description The issue allows users to scan ports of internal networks via SSRF, affecting private networks such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16, when media file fetching is enabled. This is due to the sendRequest method in the HTTPClient Class in the file /inc/HTTPClient.php having no access restrictions.

Recommendations For DokuWiki versions 2016-06-26a and older, consider disabling media file fetching to prevent SSRF attacks until a patch is available. Restrict access to the sendRequest method in the HTTPClient Class to minimize the risk of exploitation.