← Back

CVE-2017-18123

nvd nist
Published: Feb 3, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.6
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 6.0
Source: NVD

Description

The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.

Affected (2)

Dokuwiki
1 product
Dokuwiki
Debian
1 product
Debian Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Dokuwiki
Up to 2017-02-19e
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 7.0

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

Source: cve@mitre.org
Patch
Source: cve@mitre.org
ExploitIssue TrackingThird Party Advisory
Source: cve@mitre.org
Issue Tracking
Source: cve@mitre.org
Permissions Required
Source: cve@mitre.org
Issue TrackingMailing ListThird Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
ExploitIssue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingPatchThird Party Advisory

Timeline

No history available yet.