VDB
GCVE-110-MAGEIA-2014-438
GCVE-110-MAGEIA-2014-438
Advisory Published
inc/template.php in DokuWiki before 2014-05-05a only checks for access to the
root namespace, which allows remote attackers to access arbitrary images via a
media file details ajax call (CVE-2014-8761).
The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote
attackers to access arbitrary images via a crafted namespace in the ns
parameter (CVE-2014-8762).
DokuWiki before 2014-05-05b, when using Active Directory for LDAP
authentication, allows remote attackers to bypass authentication via a
password starting with a null (\0) character and a valid user name, which
triggers an unauthenticated bind (CVE-2014-8763).
DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP
authentication, allows remote attackers to bypass authentication via a user
name and password starting with a null (\0) character, which triggers an
anonymous bind (CVE-2014-8764).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | dokuwiki | 20140929-1.1.mga3 (unaffected), 0 (affected) | — |
| Mageia | dokuwiki | 0 (affected), 20140929-1.1.mga4 (unaffected) | — |
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.