CVE-2019-25338

MEDIUM

DokuWiki 2018-04-22b - Info Disclosure

Title source: llm

Description

DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.

Exploits (1)

exploitdb WORKING POC

by Talha ŞEN · textwebappsphp

https://www.exploit-db.com/exploits/47731

View Code ZIP pw:eip

References (4)

[Various Sources] https://download.dokuwiki.org/

[Various Sources] https://www.dokuwiki.org/dokuwiki

[Third Party Advisory] https://www.vulncheck.com/advisories/dokuwiki-b-username-enumeration

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47731

Scores

CVSS v3 5.3

EPSS 0.0003

EPSS Percentile 8.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-204

Status published

Affected Products (1)

dokuwiki/dokuwiki

Timeline

Published Feb 12, 2026

Tracked Since Feb 18, 2026