Andreas Gohr

Dokuwiki

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-42758

  • EPSS 0.7%
  • Veröffentlicht 16.08.2024 18:15:10
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki (Open Source Wiki Engine). A malicious attacker can input XSS payloads for example when creating or editing existing...

6.8

CVE-2012-2128

  • EPSS 1.24%
  • Veröffentlicht 27.08.2012 21:55:01
  • Zuletzt bearbeitet 16.06.2026 23:41:02

Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, w...

4.3

CVE-2012-2129

Exploit
  • EPSS 2.56%
  • Veröffentlicht 27.08.2012 21:55:01
  • Zuletzt bearbeitet 16.06.2026 23:41:02

Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action.

4.3

CVE-2012-0283

  • EPSS 1.36%
  • Veröffentlicht 13.07.2012 21:55:02
  • Zuletzt bearbeitet 16.06.2026 23:37:02

Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.ph...

4.3

CVE-2006-6965

  • EPSS 1.32%
  • Veröffentlicht 29.01.2007 17:28:00
  • Zuletzt bearbeitet 16.06.2026 22:34:08

CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: th...

5

CVE-2006-5098

Exploit
  • EPSS 1.63%
  • Veröffentlicht 29.09.2006 23:07:00
  • Zuletzt bearbeitet 16.06.2026 22:30:29

lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image.

7.5

CVE-2006-5099

Exploit
  • EPSS 2.15%
  • Veröffentlicht 29.09.2006 23:07:00
  • Zuletzt bearbeitet 16.06.2026 22:30:29

lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when in...

7.5

CVE-2006-4674

Exploit
  • EPSS 1.94%
  • Veröffentlicht 11.09.2006 17:04:00
  • Zuletzt bearbeitet 16.06.2026 22:29:34

Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.

7.5

CVE-2006-4675

Exploit
  • EPSS 1.88%
  • Veröffentlicht 11.09.2006 17:04:00
  • Zuletzt bearbeitet 16.06.2026 22:29:34

Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors.

5

CVE-2006-4679

Exploit
  • EPSS 1.66%
  • Veröffentlicht 11.09.2006 17:04:00
  • Zuletzt bearbeitet 16.06.2026 22:29:34

DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug".