Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2012-2128
Last Modified 26 Oct 2012 12:00:00
Published 27 Aug 2012 05:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2128

Summary

** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129: "the exploit code simply uses the XSS hole to extract a valid CSRF token."

Vulnerable Systems

Application

  • Andreas Gohr Dokuwiki 2012-01-25


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=815122

XF - dokuwiki-doku-xss(74907)

BID - 53041

MLIST - [oss-security] 20120422 Re: CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data

MLIST - [oss-security] 20120422 CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data

SECUNIA - 48848

BUGTRAQ - 20120417 DokuWiki Ver.2012/01/25 CSRF Add User Exploit

MISC - http://ircrash.com/uploads/dokuwiki.txt

MISC - http://bugs.dokuwiki.org/index.php?do=details&task_id=2488


Last Updated: 27 May 2016 11:00:18