5

CVE-2010-0287

Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DokuwikiDokuwiki Version <= release_2009-02-14
DokuwikiDokuwiki Version2004-07-04
DokuwikiDokuwiki Version2004-07-07
DokuwikiDokuwiki Version2004-07-12
DokuwikiDokuwiki Version2004-07-21
DokuwikiDokuwiki Version2004-07-25
DokuwikiDokuwiki Version2004-08-08
DokuwikiDokuwiki Version2004-08-15a
DokuwikiDokuwiki Version2004-08-22
DokuwikiDokuwiki Version2004-09-12
DokuwikiDokuwiki Version2004-09-25
DokuwikiDokuwiki Version2004-09-30
DokuwikiDokuwiki Version2004-11-01
DokuwikiDokuwiki Version2004-11-02
DokuwikiDokuwiki Version2004-11-10
DokuwikiDokuwiki Version2005-01-14
DokuwikiDokuwiki Version2005-01-15
DokuwikiDokuwiki Version2005-01-16a
DokuwikiDokuwiki Version2005-02-06
DokuwikiDokuwiki Version2005-02-18
DokuwikiDokuwiki Version2005-05-07
DokuwikiDokuwiki Version2005-07-01
DokuwikiDokuwiki Version2005-07-13
DokuwikiDokuwiki Version2005-09-19
DokuwikiDokuwiki Version2005-09-22
DokuwikiDokuwiki Version2006-03-05
DokuwikiDokuwiki Version2006-03-09
DokuwikiDokuwiki Version2006-03-09e
DokuwikiDokuwiki Version2006-06-04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.61% 0.952
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://bugs.splitbrain.org/index.php?do=details&task_id=1847
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html
http://secunia.com/advisories/38183
Vendor Advisory
http://security.gentoo.org/glsa/glsa-201301-07.xml
http://www.debian.org/security/2010/dsa-1976
http://www.exploit-db.com/exploits/11141
http://www.securityfocus.com/bid/37821
http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security
http://www.vupen.com/english/advisories/2010/0150
https://exchange.xforce.ibmcloud.com/vulnerabilities/55660