Vulnerabilities > Dokuwiki > Dokuwiki > 2013.12.08a
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-02-15 | CVE-2010-0289 | Cross-Site Request Forgery (CSRF) vulnerability in Dokuwiki Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors. | 6.8 |
2010-02-15 | CVE-2010-0288 | Permissions, Privileges, and Access Controls vulnerability in Dokuwiki A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010. | 7.5 |
2010-02-15 | CVE-2010-0287 | Path Traversal vulnerability in Dokuwiki Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. | 5.0 |