7.5
CVE-2010-0288
- EPSS 10.55%
- Veröffentlicht 15.02.2010 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:15:51
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.55% | 0.952 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://bugs.splitbrain.org/index.php?do=details&task_id=1847
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html
http://secunia.com/advisories/38183
http://security.gentoo.org/glsa/glsa-201301-07.xml
http://www.debian.org/security/2010/dsa-1976
http://www.exploit-db.com/exploits/11141
http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security
http://www.vupen.com/english/advisories/2010/0150
http://osvdb.org/61710
http://www.securityfocus.com/bid/37820
https://exchange.xforce.ibmcloud.com/vulnerabilities/55661