CVE-2019-25338

MEDIUM

DokuWiki 2018-04-22b - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25338. PoCs published by Talha ŞEN.

AI-analyzed exploit summary This exploit demonstrates a username enumeration vulnerability in Dokuwiki 2018-04-22b by sending a POST request to the password reset endpoint. The response differs for valid and invalid usernames, allowing an attacker to enumerate users.

Description

DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.

Exploits (1)

exploitdb WORKING POC
by Talha ŞEN · textwebappsphp
https://www.exploit-db.com/exploits/47731

This exploit demonstrates a username enumeration vulnerability in Dokuwiki 2018-04-22b by sending a POST request to the password reset endpoint. The response differs for valid and invalid usernames, allowing an attacker to enumerate users.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Dokuwiki 2018-04-22b
No auth needed
Prerequisites: Access to the Dokuwiki login page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47731
Various Sources product
https://www.dokuwiki.org/dokuwiki
Various Sources product
https://download.dokuwiki.org/

Scores

CVSS v3 5.3
EPSS 0.0041
EPSS Percentile 32.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-204
Status published
Products (1)
dokuwiki/dokuwiki 2018-04-22b
Published Feb 12, 2026
Tracked Since Feb 18, 2026