CVE-2017-18123

The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-02-03 15:29

Updated : 2024-02-04 19:46


NVD link : CVE-2017-18123

Mitre link : CVE-2017-18123

CVE.ORG link : CVE-2017-18123


JSON object : View

Products Affected

debian

  • debian_linux

dokuwiki

  • dokuwiki
CWE
CWE-20

Improper Input Validation