Back to search
CVE-2010-0288
Published: Feb 15, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
dokuwiki-ajax-security-bypass(55661)
vdb-entry
x_refsource_XF
61710
vdb-entry
x_refsource_OSVDB
FEDORA-2010-0770
vendor-advisory
x_refsource_FEDORA
38183
third-party-advisory
x_refsource_SECUNIA
GLSA-201301-07
vendor-advisory
x_refsource_GENTOO
ADV-2010-0150
vdb-entry
x_refsource_VUPEN
http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security
x_refsource_CONFIRM
DSA-1976
vendor-advisory
x_refsource_DEBIAN
FEDORA-2010-0800
vendor-advisory
x_refsource_FEDORA
37820
vdb-entry
x_refsource_BID
http://bugs.splitbrain.org/index.php?do=details&task_id=1847
x_refsource_CONFIRM
11141
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now