QwikSec

Security Database

CVE

CWE

Training

CVE-2019-25338

Published: Feb 12, 2026

Modified: Mar 5, 2026

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.

Vendor	Product	Versions
Dokuwiki	Dokuwiki	affected `2018-04-22b "Greebo"`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

ExploitDB-47731

exploit

DokuWiki Official Homepage

product

DokuWiki Download Page

product

VulnCheck Advisory: Dokuwiki 2018-04-22b - Username Enumeration

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.