CVE-2010-0289 — Cross-Site Request Forgery in Dokuwiki

CWE-352 — Cross-Site Request Forgery6 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

0.4%

top 39.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dokuwiki Debian Dokuwiki

Timeline

PublishedFeb 15

Latest updateMay 2

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/dokuwiki< dokuwiki 0.0.20090214b-3.1 (bookworm)

▶Debiandokuwiki/dokuwiki< 0.0.20090214b-3.1+3

▶NVDdokuwiki/dokuwikirelease_2009-02-14+28

🔴Vulnerability Details

GHSA

GHSA-xw78-vx8x-r728: Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax↗2022-05-02

▶

OSV

CVE-2010-0289: Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax↗2010-02-15

▶

📋Vendor Advisories

Red Hat

dokuwiki: multiple vulnerabilities in ACL manager↗2010-01-17

▶

Debian

CVE-2010-0289: dokuwiki - Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager pl...↗2010

▶

💬Community

Bugzilla

CVE-2010-0287 CVE-2010-0288 CVE-2010-0289 dokuwiki: multiple vulnerabilities in ACL manager↗2010-01-18

▶