CVE-2014-8761

Published: Oct 22, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call.

Affected (1)

Products: Dokuwiki: Dokuwiki

Dokuwiki

1 product

Dokuwiki

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dokuwiki Dokuwiki	Up to 2013-12-08

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (14)

http://advisories.mageia.org/MGASA-2014-0438.html

Source: secalert@redhat.com

http://secunia.com/advisories/61983

Source: secalert@redhat.com

http://www.debian.org/security/2014/dsa-3059

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2014/10/13/3

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2014/10/16/9

Source: secalert@redhat.com

https://bugs.dokuwiki.org/index.php?do=details&task_id=2647#comment6204

Source: secalert@redhat.com

https://github.com/splitbrain/dokuwiki/issues/765

Source: secalert@redhat.com

http://advisories.mageia.org/MGASA-2014-0438.html