PT-2012-3824 · Dokuwiki · Dokuwiki

Khashayar Fereidani

Published

2012-08-27

Updated

2024-08-06

CVE-2012-2128

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions DokuWiki version 2012-01-25 Angua

Description A cross-site request forgery (CSRF) issue in doku.php allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. The vendor disputes this issue, stating it is resultant from another vulnerability, where the exploit code uses an XSS hole to extract a valid CSRF token.

Recommendations For DokuWiki version 2012-01-25 Angua, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2012-2128

Affected Products

Dokuwiki

PT-2012-3824 · Dokuwiki · Dokuwiki

CVE-2012-2128

Weakness Enumeration

Related Identifiers

Affected Products

References · 19