Known Vulnerabilities for products from Dokuwiki
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Dokuwiki".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2018-15474 | ** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWi... | 9.6 - CRITICAL | 2018-09-07 | 2023-11-07 |
| CVE-2017-18123 | The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a... | 8.6 - HIGH | 2018-02-03 | 2018-07-07 |
| CVE-2017-12980 | DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacke... | 6.1 - MEDIUM | 2017-08-21 | 2017-08-25 |
| CVE-2017-12979 | DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.... | 6.1 - MEDIUM | 2017-08-21 | 2017-08-25 |
| CVE-2017-12583 | DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php. | 6.1 - MEDIUM | 2017-08-06 | 2017-08-15 |
| CVE-2016-7965 | DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. Thi... | 6.5 - MEDIUM | 2016-10-31 | 2016-11-28 |
| CVE-2016-7964 | The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fet... | 8.6 - HIGH | 2016-10-31 | 2016-12-02 |
| CVE-2015-2172 | DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remo... | 6.5 - MEDIUM | 2015-03-30 | 2019-02-05 |
| CVE-2014-9253 | The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows re... | 4.3 - MEDIUM | 2014-12-17 | 2017-09-08 |
| CVE-2014-8764 | DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass auth... | 5 - MEDIUM | 2014-10-22 | 2016-07-15 |
| CVE-2014-8763 | DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentic... | 5 - MEDIUM | 2014-10-22 | 2016-07-15 |
| CVE-2014-8762 | The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted n... | 5 - MEDIUM | 2014-10-22 | 2016-04-04 |
| CVE-2014-8761 | inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers t... | 5 - MEDIUM | 2014-10-22 | 2015-09-10 |
| CVE-2012-3354 | doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obt... | 4.3 - MEDIUM | 2012-11-20 | 2013-12-13 |
| CVE-2011-3727 | DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which revea... | 5 - MEDIUM | 2011-09-23 | 2013-12-13 |
| CVE-2011-2510 | Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote ... | 4.3 - MEDIUM | 2011-07-14 | 2017-08-29 |
| CVE-2010-0289 | Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki befor... | 6.8 - MEDIUM | 2010-02-15 | 2019-09-23 |
| CVE-2010-0288 | A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b ... | 7.5 - HIGH | 2010-02-15 | 2019-09-23 |
| CVE-2010-0287 | Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remo... | 5 - MEDIUM | 2010-02-15 | 2019-09-23 |
| CVE-2009-1960 | inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attacker... | 9.3 - HIGH | 2009-06-08 | 2023-11-07 |
Known software with vulnerabilities from Dokuwiki
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Dokuwiki | Dokuwiki | 2004-07-04 |