Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Debian: DLA-1413-1 Critical: DokuWiki Remote Execution Threat

debian lts
Calendar Grey July 5, 2018
Dist Debian Esm H88
This notice concerns a reflected file download vulnerability in DokuWiki, allowing unauthorized execution of arbitrary applications remotely.
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remo...

Summary

We recommend that you upgrade your dokuwiki packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: dokuwiki
Version: 0.0.20140505.a+dfsg-4+deb8u1
CVE ID: CVE-2017-18123
Debian Bug: 889281

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here