CVE-2019-25338

MEDIUM

DokuWiki 2018-04-22b - Info Disclosure

Title source: llm

Description

DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.

Exploits (1)

exploitdb WORKING POC

by Talha ŞEN · textwebappsphp

https://www.exploit-db.com/exploits/47731

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47731

[Various Sources] https://www.dokuwiki.org/dokuwiki

[Various Sources] https://download.dokuwiki.org/

[Third Party Advisory] https://www.vulncheck.com/advisories/dokuwiki-b-username-enumeration

Scores

CVSS v3 5.3

EPSS 0.0005

EPSS Percentile 14.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-204

Status published

Products (1)

dokuwiki/dokuwiki 2018-04-22b

Published Feb 12, 2026

Tracked Since Feb 18, 2026