CVE-2017-18123
Published: Feb 3, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://github.com/splitbrain/dokuwiki/pull/2019
x_refsource_MISC
https://vulnhive.com/2018/000004
x_refsource_MISC
[debian-lts-announce] 20180204 [SECURITY] [DLA 1269-1] dokuwiki security update
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20180705 [SECURITY] [DLA 1413-1] dokuwiki security update
mailing-list
x_refsource_MLIST
https://hackerone.com/reports/238316
x_refsource_MISC
https://github.com/splitbrain/dokuwiki/issues/2029
x_refsource_MISC