DokuWiki ajax.php cmd[del] Parameter Security Bypass

high Nessus Plugin ID 44059

Synopsis

The remote web server is hosting an application that is affected by a security bypass vulnerability.

Description

The remote web server is hosting a version of DokuWiki that is affected by a security bypass vulnerability in the 'cmd[del]', parameter of the 'lib/plugins/acl/ajax.php' script.

An attacker, exploiting this flaw, could modify modify the ACL settings for a specified user or group.

Note that this vulnerability may affect several other parameters and that the installed version of DokuWiki may also be affected by an information disclosure vulnerability, although Nessus has not tested for those issues.

Solution

Upgrade to DokuWiki Release 2009-12-25b or later.

See Also

https://www.dokuwiki.org/changes#release_2009-12-25b_lemming

Plugin Details

Severity: High

ID: 44059

File Name: dokuwiki_acl_security_bypass_vulnerability.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 1/19/2010

Updated: 6/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP, www/dokuwiki

Excluded KB Items: Settings/disable_cgi_abuses

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/15/2010

Vulnerability Publication Date: 1/15/2010

Reference Information

CVE: CVE-2010-0288

BID: 37820

CWE: 264

Secunia: 38183