pkg:Debian/dokuwiki
42 total CVEsHIGH4MEDIUM10
✅ Check your installed version
All known vulnerabilities
- from 0, < 0.0.20160626.a-2.1
- from 0, < 0.0.20140505.a+dfsg-4+deb8u1
- from 0, < 0.0.20120125b-2+deb7u2
- HIGH8.6CVE-2016-7964The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabl…from 0
- MEDIUM6.5CVE-2025-61224Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56.1] allows a remote attacker to execute arbitrary code via the q p…from 0
- MEDIUM6.5CVE-2016-7965DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL.from 0
- MEDIUM6.1CVE-2024-33103An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by…from 0
- MEDIUM6.1CVE-2022-28919HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilena…from 0
- MEDIUM6.1CVE-2017-12980DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php.from 0, < 0.0.20180422.a-1
- MEDIUM6.1CVE-2017-12979DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php.from 0, < 0.0.20180422.a-1
- MEDIUM6.1CVE-2017-12583DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.from 0, < 0.0.20180422.a-1
- from 0
- MEDIUM5.3CVE-2019-25338DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify va…from 0
- MEDIUM4.3CVE-2026-26477An issue in Dokuwiki v.2025-05-14b "Librarian" [56.2] allows a remote attacker to cause a denial of service via the media_upload_xhr() func…from 0
- —CVE-2015-2172DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticat…from 0, < 0.0.20140929.d-1
- —CVE-2014-9253The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers…from 0, < 0.0.20140929.d-1
- —CVE-2014-8764DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via…from 0, < 0.0.20140929.a-1
- from 0, < 0.0.20140929.a-1
- from 0, < 0.0.20091225c-10+squeeze3
- —CVE-2014-8762The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in th…from 0, < 0.0.20140505.a+dfsg-1
- from 0, < 0.0.20120125b-2+deb7u1
- from 0, < 0.0.20140505.a+dfsg-1
- —CVE-2012-3354doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive…from 0, < 0.0.20130510a-1
- —CVE-2012-2129Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or…from 0, < 0.0.20120125a-1
- —CVE-2012-2128Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authenticati…from 0, < 0.0.20120125a-1
- —CVE-2012-0283Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote…from 0, < 0.0.20120125b-1
- —CVE-2011-2510Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to i…from 0, < 0.0.20110525a-1
- —CVE-2010-0289Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c…from 0, < 0.0.20090214b-3.1
- —CVE-2010-0288A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote…from 0, < 0.0.20090214b-3.1
- from 0, < 0.0.20090214b-3.1
- from 0, < 0.0.20080505-4+lenny1
- —CVE-2009-1960inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include a…from 0, < 0.0.20090214b-1
- —CVE-2008-5186The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct fi…from 0, < 0.0.20080505-3.1
- —CVE-2006-6965CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrar…from 0, < 0.0.20061106-1
- —CVE-2006-5098lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h…from 0, < 0.0.20060309-5.2
- —CVE-2006-5099lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execut…from 0, < 0.0.20060309-5.2
- —CVE-2006-4679DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling…from 0, < 0.0.20060309-5.1
- —CVE-2006-4674Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP cod…from 0, < 0.0.20060309-5.1
- —CVE-2006-4675Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable fil…from 0, < 0.0.20060309-5.1
- —CVE-2006-2945Unspecified vulnerability in the user profile change functionality in DokuWiki, when Access Control Lists are enabled, allows remote authen…from 0, < 0.0.20060309-4
- —CVE-2006-2878The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "…from 0, < 0.0.20060309-4
- —CVE-2006-1165Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitra…from 0, < 0.0.20060309-3