Vulnerabilities > Ikiwiki > Ikiwiki > 3.20160506
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-05 | CVE-2019-9187 | Server-Side Request Forgery (SSRF) vulnerability in Ikiwiki ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. | 5.0 |
| 2018-04-13 | CVE-2017-0356 | Improper Authentication vulnerability in multiple products A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. | 7.5 |
| 2018-04-13 | CVE-2016-9646 | Improper Authentication vulnerability in multiple products ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery. | 5.0 |