CVE-2006-4679 — Dokuwiki vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 27.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dokuwiki Debian Dokuwiki Andreas Gohr Dokuwiki

Timeline

PublishedSep 11

Latest updateMay 1

Description

DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug".

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/dokuwiki< dokuwiki 0.0.20060309-5.1 (bookworm)

▶Debiandokuwiki/dokuwiki< 0.0.20060309-5.1+3

▶NVDandreas_gohr/dokuwikirelease_2006-03-09+26

🔴Vulnerability Details

GHSA

GHSA-v3v7-2m7q-j6jq: DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku↗2022-05-01

▶

OSV

CVE-2006-4679: DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku↗2006-09-11

▶

📋Vendor Advisories

Debian

CVE-2006-4679: dokuwiki - DokuWiki before 2006-03-09c enables the debug feature by default, which allows r...↗2006

▶