DokuWiki Multiple Cross Site Request Forgery Vulnerabilities Network Vulnerability

Summary

This host is installed with Dokuwiki and is prone to multiple Cross Site Scripting vulnerabilities.

Impact

Successful exploitation allows attackers to conduct cross site request forgery attacks via unknown vectors. Impact Level: Application.

Solution

Update to version 2009-12-25c or later. For updates refer to http://www.splitbrain.org/go/dokuwiki

Insight

The flaws are due to error in 'ACL' Manager plugin (plugins/acl/ajax.php) that allows users to perform certain actions via HTTP requests without performing any validity checks.

Affected

Dokuwiki versions prior to 2009-12-25c

References

http://bugs.splitbrain.org/index.php?do=details&task_id=1853
http://secunia.com/advisories/38205
http://www.vupen.com/english/advisories/2010/0150

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0289
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
Apache Struts2 'XWork' Information Disclosure Vulnerability
Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities