CVE-2017-18123

HIGH

DokuWiki < 2017-02-19e - Reflected File Download via AJAX Call Parameter

Title source: llm
STIX 2.1

Description

The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.

References (7)

Core 7
Core References
Issue Tracking x_refsource_misc
https://github.com/splitbrain/dokuwiki/pull/2019
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://vulnhive.com/2018/000004
Issue Tracking, Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/02/msg00004.html
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/07/msg00004.html
Permissions Required x_refsource_misc
https://hackerone.com/reports/238316
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/splitbrain/dokuwiki/issues/2029

Scores

CVSS v3 8.6
EPSS 0.0265
EPSS Percentile 83.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (2)
debian/debian_linux 7.0
dokuwiki/dokuwiki < 2017-02-19e
Published Feb 03, 2018
Tracked Since Feb 18, 2026