CVE-2015-2172

EPSS 1.8%

Published: 3/30/2015Modified: 5/27/2026

Also known as:DEBIAN-CVE-2015-2172

Description

DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.

Affected packages (1)

Debian/dokuwikifrom 0, < 0.0.20140929.d-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-2172