CVE-2016-7964 — Server-Side Request Forgery in Dokuwiki

CWE-918 — Server-Side Request Forgery7 documents5 sources

Severity

8.6HIGHNVD

EPSS

0.3%

top 46.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dokuwiki Debian Dokuwiki

Timeline

PublishedOct 31

Latest updateMay 17

Description

The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages3 packages

▶debiandebian/dokuwiki< dokuwiki 2024-02-06b+dfsg-7 (forky)

▶Debiandokuwiki/dokuwiki< 2024-02-06b+dfsg-7+1

▶NVDdokuwiki/dokuwiki2016-06-26a

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-943p-qf6q-5m99: The sendRequest method in HTTPClient Class in file /inc/HTTPClient↗2022-05-17

▶

OSV

CVE-2016-7964: The sendRequest method in HTTPClient Class in file /inc/HTTPClient↗2016-10-31

▶

📋Vendor Advisories

Debian

CVE-2016-7964: dokuwiki - The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWi...↗2016

▶

💬Community

Bugzilla

CVE-2016-7964 CVE-2016-7965 CVE-2017-12583 CVE-2017-12979 CVE-2017-12980 CVE-2017-18123 dokuwiki: Various flaws↗2016-10-31

▶

Bugzilla

CVE-2016-7964 CVE-2016-7965 CVE-2017-12583 CVE-2017-12979 CVE-2017-12980 CVE-2017-18123 dokuwiki: Various flaws [epel-all]↗2016-10-31

▶

Bugzilla

CVE-2016-7964 CVE-2016-7965 CVE-2017-12583 CVE-2017-12979 CVE-2017-12980 CVE-2017-18123 dokuwiki: Various flaws [fedora-all]↗2016-10-31

▶