Vulnerabilities > Dokuwiki > Dokuwiki > rc2009.01.30

DATE CVE VULNERABILITY TITLE RISK
2010-02-15 CVE-2010-0289 Cross-Site Request Forgery (CSRF) vulnerability in Dokuwiki
Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors.
network
dokuwiki CWE-352
6.8
6.8
2010-02-15 CVE-2010-0288 Permissions, Privileges, and Access Controls vulnerability in Dokuwiki
A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.
network
low complexity
dokuwiki CWE-264
7.5
7.5
2010-02-15 CVE-2010-0287 Path Traversal vulnerability in Dokuwiki
Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a ..
network
low complexity
dokuwiki CWE-22
5.0
5.0