A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.
Software | From | Fixed in |
---|---|---|
dokuwiki / dokuwiki | - | release_2009-02-14.x |
dokuwiki / dokuwiki | 2004-07-04 | 2004-07-04.x |
dokuwiki / dokuwiki | 2004-07-07 | 2004-07-07.x |
dokuwiki / dokuwiki | 2004-07-12 | 2004-07-12.x |
dokuwiki / dokuwiki | 2004-07-21 | 2004-07-21.x |
dokuwiki / dokuwiki | 2004-07-25 | 2004-07-25.x |
dokuwiki / dokuwiki | 2004-08-08 | 2004-08-08.x |
dokuwiki / dokuwiki | 2004-08-15a | 2004-08-15a.x |
dokuwiki / dokuwiki | 2004-08-22 | 2004-08-22.x |
dokuwiki / dokuwiki | 2004-09-12 | 2004-09-12.x |
dokuwiki / dokuwiki | 2004-09-25 | 2004-09-25.x |
dokuwiki / dokuwiki | 2004-09-30 | 2004-09-30.x |
dokuwiki / dokuwiki | 2004-11-01 | 2004-11-01.x |
dokuwiki / dokuwiki | 2004-11-02 | 2004-11-02.x |
dokuwiki / dokuwiki | 2004-11-10 | 2004-11-10.x |
dokuwiki / dokuwiki | 2005-01-14 | 2005-01-14.x |
dokuwiki / dokuwiki | 2005-01-15 | 2005-01-15.x |
dokuwiki / dokuwiki | 2005-01-16a | 2005-01-16a.x |
dokuwiki / dokuwiki | 2005-02-06 | 2005-02-06.x |
dokuwiki / dokuwiki | 2005-02-18 | 2005-02-18.x |
dokuwiki / dokuwiki | 2005-05-07 | 2005-05-07.x |
dokuwiki / dokuwiki | 2005-07-01 | 2005-07-01.x |
dokuwiki / dokuwiki | 2005-07-13 | 2005-07-13.x |
dokuwiki / dokuwiki | 2005-09-19 | 2005-09-19.x |
dokuwiki / dokuwiki | 2005-09-22 | 2005-09-22.x |
dokuwiki / dokuwiki | 2006-03-05 | 2006-03-05.x |
dokuwiki / dokuwiki | 2006-03-09 | 2006-03-09.x |
dokuwiki / dokuwiki | 2006-03-09e | 2006-03-09e.x |
dokuwiki / dokuwiki | 2006-06-04 | 2006-06-04.x |