CVE-2006-1165 — NULL Pointer Dereference in Dokuwiki

CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 37.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dokuwiki Debian Dokuwiki Andreas Gohr Dokuwiki

Timeline

PublishedMar 12

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors relating to "handling EXIF data."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/dokuwiki< dokuwiki 0.0.20060309-3 (bookworm)

▶Debiandokuwiki/dokuwiki< 0.0.20060309-3+3

▶NVDandreas_gohr/dokuwiki26 versions+25

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-cw28-j5q4-x7vv: Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitrary web scri↗2022-05-01

▶

OSV

CVE-2006-1165: Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitrary web scri↗2006-03-12

▶

📋Vendor Advisories

Red Hat

openssl: mime_param_cmp NULL dereference crash↗2012-03-12

▶

Debian

CVE-2006-1165: dokuwiki - Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki ...↗2006

▶