Source: dokuwiki Version: 0.0.20160626.a-2 Severity: important Tags: patch security upstream Forwarded: https://github.com/splitbrain/dokuwiki/issues/2029 Control: found -1 0.0.20140505.a+dfsg-4
Hi, the following vulnerability was published for dokuwiki. CVE-2017-18123[0]: | The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e | does not properly encode user input, which leads to a reflected file | download vulnerability, and allows remote attackers to run arbitrary | programs. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-18123 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18123 [1] https://github.com/splitbrain/dokuwiki/issues/2029 [2] https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86 Regards, Salvatore _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
