PT-2018-13040 · Dokuwiki · Dokuwiki
Jean-Benjamin Rousseau · Published 2018-09-07 · Updated 2024-08-05 · CVE-2018-15474
CVSS v3.1: 9.6 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
DokuWiki versions 2018-04-22a and earlier
Description
The issue allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export in the /lib/plugins/usermanager/admin.php file. The vendor has stated that this is not a security problem in DokuWiki.
Recommendations
For DokuWiki versions 2018-04-22a and earlier, consider disabling the CSV export feature in the /lib/plugins/usermanager/admin.php file until a resolution is provided by the vendor.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Dokuwiki