VDB
CVE-2019-25338
CVE-2019-25338
PUBLISHED
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.
EPSS 0.05% · 15.3th percentile
Risk Scores
EPSS Score
0.05%
15.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:24.04:LTS | dokuwiki | 0.0.20220731.a-2, 0 |
| Ubuntu:16.04:LTS | dokuwiki | *, 0, 0.0.20140929.d-1ubuntu1 |
| Ubuntu:18.04:LTS | dokuwiki | 0.0.20160626.a-2, 0 |
| Ubuntu:22.04:LTS | dokuwiki | 0.0.20180422.a-2.1, 0 |
| Ubuntu:25.10 | dokuwiki | 0, 2024-02-06b+dfsg-4, 2024-02-06b+dfsg-9 |
| Ubuntu:20.04:LTS | dokuwiki | 0.0.20180422.a-2, 0 |
Exploit Intelligence
Timeline
- Feb 12, 2026 CVE Published
- Feb 13, 2026 EPSS Score
- Feb 15, 2026 EPSS Score
- Feb 17, 2026 EPSS Score
- Feb 19, 2026 EPSS Score
- Feb 21, 2026 EPSS Score
- Feb 23, 2026 EPSS Score
- Feb 25, 2026 EPSS Score
- Feb 27, 2026 EPSS Score
- Mar 1, 2026 EPSS Score
- Mar 3, 2026 EPSS Score
- Mar 5, 2026 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-25338 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-25338 third-party-advisory
- https://download.dokuwiki.org/ third-party-advisory
- https://www.dokuwiki.org/dokuwiki third-party-advisory
- https://www.exploit-db.com/exploits/47731 third-party-advisory
- https://www.vulncheck.com/advisories/dokuwiki-b-username-enumeration third-party-advisory