CVE-2024-42758
- EPSS 0.89%
- Published 16.08.2024 18:15:10
- Last modified 19.08.2024 18:35:14
A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when it is used and enabled in DokuWiki (Open Source Wiki Engine). A malicious attacker can input XSS payloads, for example when creating or editing existing...
CVE-2012-2128
- EPSS 0.38%
- Published 27.08.2012 21:55:01
- Last modified 11.04.2025 00:51:21
Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, w...
CVE-2012-2129
- EPSS 0.83%
- Published 27.08.2012 21:55:01
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action.
CVE-2012-0283
- EPSS 0.52%
- Published 13.07.2012 21:55:02
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.ph...
CVE-2006-6965
- EPSS 0.66%
- Published 29.01.2007 17:28:00
- Last modified 09.04.2025 00:30:58
CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: th...
- EPSS 0.89%
- Published 29.09.2006 23:07:00
- Last modified 09.04.2025 00:30:58
lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image.
CVE-2006-5099
- EPSS 1.61%
- Published 29.09.2006 23:07:00
- Last modified 09.04.2025 00:30:58
lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when in...
CVE-2006-4674
- EPSS 1.41%
- Published 11.09.2006 17:04:00
- Last modified 03.04.2025 01:03:51
Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.
CVE-2006-4675
- EPSS 1.41%
- Published 11.09.2006 17:04:00
- Last modified 03.04.2025 01:03:51
Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors.
- EPSS 0.7%
- Published 11.09.2006 17:04:00
- Last modified 03.04.2025 01:03:51
DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug".