PT-2010-2082 · Dokuwiki · Dokuwiki

Published

2010-02-15

Updated

2019-09-23

CVE-2010-0288

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions DokuWiki versions prior to 2009-12-25b

Description A typo in the administrator permission check in the ACL Manager plugin allows remote attackers to gain privileges and access closed wikis by editing current ACL statements. This issue has been exploited in the wild.

Recommendations For versions prior to 2009-12-25b, update to a version that includes the fix for the administrator permission check in the ACL Manager plugin. As a temporary workaround, consider restricting access to the ACL Manager plugin to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2010-0288

DSA-1976-1

Affected Products

Dokuwiki

PT-2010-2082 · Dokuwiki · Dokuwiki

CVE-2010-0288

Weakness Enumeration

Related Identifiers

Affected Products

References · 21