PT-2024-25116 · Dokuwiki+1 · Dokuwiki+1

Hebing123

Published

2024-04-30

Updated

2024-08-22

CVE-2024-33103

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions DokuWiki version 2024-02-06a

Description An arbitrary file upload vulnerability in the Media Manager component allows attackers to execute arbitrary code by uploading a crafted SVG file. The exploitability may be dependent on a misconfiguration of the product.

Recommendations For DokuWiki version 2024-02-06a, consider disabling the Media Manager component until a patch is available to prevent arbitrary file uploads. Restrict access to the Media Manager to minimize the risk of exploitation. Avoid using the Media Manager to upload SVG files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-33103

Affected Products

Debian

Dokuwiki

PT-2024-25116 · Dokuwiki+1 · Dokuwiki+1

CVE-2024-33103

Weakness Enumeration

Related Identifiers

Affected Products

References · 12