CVE-2010-0288

IN THE WILD

Dokuwiki < release_2009-02-14 - Access Control

Title source: rule

Description

A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.

Exploits (1)

exploitdb WORKING POC VERIFIED

by IHTeam · textwebappsphp

https://www.exploit-db.com/exploits/11141

View Code ZIP pw:eip

References (12)

[Various Sources] http://bugs.splitbrain.org/index.php?do=details&task_id=1847

[Third Party Advisory, VDB Entry] http://osvdb.org/61710

[Vendor Advisory] http://secunia.com/advisories/38183

[Various Sources] http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security

[Third Party Advisory] http://www.vupen.com/english/advisories/2010/0150

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/55661

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/37820

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/11141

[Third Party Advisory] http://www.debian.org/security/2010/dsa-1976

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-201301-07.xml

Scores

EPSS 0.1561

EPSS Percentile 94.7%

Details

InTheWild.io 2019-09-23

CWE

CWE-264

Status published

Products (29)

dokuwiki/dokuwiki 2004-07-04

dokuwiki/dokuwiki 2004-07-07

dokuwiki/dokuwiki 2004-07-12

dokuwiki/dokuwiki 2004-07-21

dokuwiki/dokuwiki 2004-07-25

dokuwiki/dokuwiki 2004-08-08

dokuwiki/dokuwiki 2004-08-15a

dokuwiki/dokuwiki 2004-08-22

dokuwiki/dokuwiki 2004-09-12

dokuwiki/dokuwiki 2004-09-25

... and 19 more

Published Feb 15, 2010

Tracked Since Feb 18, 2026