CVE-2014-8761

EUVD-2014-8592
inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
dokuwikidokuwiki
𝑥
≤ 2013-12-08
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dokuwiki
bookworm
0.0.20220731.a-2
fixed
bullseye
0.0.20180422.a-2.1
fixed
sid
0.0.20220731.a-3
fixed
squeeze
not-affected
trixie
0.0.20220731.a-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dokuwiki
artful
ignored
bionic
not-affected
cosmic
not-affected
disco
not-affected
lucid
ignored
precise
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0438.html
http://secunia.com/advisories/61983
http://www.debian.org/security/2014/dsa-3059
http://www.openwall.com/lists/oss-security/2014/10/13/3
http://www.openwall.com/lists/oss-security/2014/10/16/9
https://bugs.dokuwiki.org/index.php?do=details&task_id=2647#comment6204
https://github.com/splitbrain/dokuwiki/issues/765
http://advisories.mageia.org/MGASA-2014-0438.html
http://secunia.com/advisories/61983
http://www.debian.org/security/2014/dsa-3059
http://www.openwall.com/lists/oss-security/2014/10/13/3
http://www.openwall.com/lists/oss-security/2014/10/16/9
https://bugs.dokuwiki.org/index.php?do=details&task_id=2647#comment6204
https://github.com/splitbrain/dokuwiki/issues/765