Описание
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.
Ссылки
- Patch
- ExploitIssue TrackingThird Party Advisory
- Issue Tracking
- Permissions Required
- Issue TrackingMailing ListThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- Patch
- ExploitIssue TrackingThird Party Advisory
- Issue Tracking
- Permissions Required
- Issue TrackingMailing ListThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
Уязвимые конфигурации
EPSS
8.6 High
CVSS3
9.3 Critical
CVSS2
Дефекты
Связанные уязвимости
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19 ...
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.
EPSS
8.6 High
CVSS3
9.3 Critical
CVSS2