CVE-2004-2560 — Gohr Dokuwiki vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

2.4%

top 14.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Andreas Gohr Dokuwiki Debian Dokuwiki

Timeline

PublishedDec 31

Latest updateApr 29

Description

DokuWiki before 2004-10-19, when used on a web server that permits execution based on file extension, allows remote attackers to execute arbitrary code by uploading a file with an appropriate extension such as ".php" or ".cgi".

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/dokuwiki

▶NVDandreas_gohr/dokuwiki11 versions+10

Patches

Patch: www.osvdb.org ↗Patch: www.securityfocus.com ↗Patch: www.osvdb.org ↗

🔴Vulnerability Details

GHSA

GHSA-fpgc-v2fw-7f2p: DokuWiki before 2004-10-19, when used on a web server that permits execution based on file extension, allows remote attackers to execute arbitrary cod↗2022-04-29

▶

📋Vendor Advisories

Debian

CVE-2004-2560: dokuwiki - DokuWiki before 2004-10-19, when used on a web server that permits execution bas...↗2004

▶