CVE-2010-0288

Description

A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.

Software From Fixed in
dokuwiki / dokuwiki - release_2009-02-14.x
dokuwiki / dokuwiki 2004-07-04 2004-07-04.x
dokuwiki / dokuwiki 2004-07-07 2004-07-07.x
dokuwiki / dokuwiki 2004-07-12 2004-07-12.x
dokuwiki / dokuwiki 2004-07-21 2004-07-21.x
dokuwiki / dokuwiki 2004-07-25 2004-07-25.x
dokuwiki / dokuwiki 2004-08-08 2004-08-08.x
dokuwiki / dokuwiki 2004-08-15a 2004-08-15a.x
dokuwiki / dokuwiki 2004-08-22 2004-08-22.x
dokuwiki / dokuwiki 2004-09-12 2004-09-12.x
dokuwiki / dokuwiki 2004-09-25 2004-09-25.x
dokuwiki / dokuwiki 2004-09-30 2004-09-30.x
dokuwiki / dokuwiki 2004-11-01 2004-11-01.x
dokuwiki / dokuwiki 2004-11-02 2004-11-02.x
dokuwiki / dokuwiki 2004-11-10 2004-11-10.x
dokuwiki / dokuwiki 2005-01-14 2005-01-14.x
dokuwiki / dokuwiki 2005-01-15 2005-01-15.x
dokuwiki / dokuwiki 2005-01-16a 2005-01-16a.x
dokuwiki / dokuwiki 2005-02-06 2005-02-06.x
dokuwiki / dokuwiki 2005-02-18 2005-02-18.x
dokuwiki / dokuwiki 2005-05-07 2005-05-07.x
dokuwiki / dokuwiki 2005-07-01 2005-07-01.x
dokuwiki / dokuwiki 2005-07-13 2005-07-13.x
dokuwiki / dokuwiki 2005-09-19 2005-09-19.x
dokuwiki / dokuwiki 2005-09-22 2005-09-22.x
dokuwiki / dokuwiki 2006-03-05 2006-03-05.x
dokuwiki / dokuwiki 2006-03-09 2006-03-09.x
dokuwiki / dokuwiki 2006-03-09e 2006-03-09e.x
dokuwiki / dokuwiki 2006-06-04 2006-06-04.x