⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2010-0288Dokuwiki vulnerability

CWE-2647 documents7 sources
Severity
7.5HIGHNVD
EPSS
15.6%
top 5.29%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
DokuwikiDebian Dokuwiki
Timeline
PublishedFeb 15
Latest updateMay 2

Description

A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

debiandebian/dokuwiki< dokuwiki 0.0.20090214b-3.1 (bookworm)
Debiandokuwiki/dokuwiki< 0.0.20090214b-3.1+3
NVDdokuwiki/dokuwikirelease_2009-02-14+28

🔴Vulnerability Details

2
GHSA
GHSA-fx5h-623c-jvh7: A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax2022-05-02
OSV
CVE-2010-0288: A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax2010-02-15

💥Exploits & PoCs

1
Exploit-DB
dokuwiki 2009-12-25 - Multiple Vulnerabilities2010-01-14

📋Vendor Advisories

2
Red Hat
dokuwiki: multiple vulnerabilities in ACL manager2010-01-17
Debian
CVE-2010-0288: dokuwiki - A typo in the administrator permission check in the ACL Manager plugin (plugins/...2010

💬Community

1
Bugzilla
CVE-2010-0287 CVE-2010-0288 CVE-2010-0289 dokuwiki: multiple vulnerabilities in ACL manager2010-01-18