CVE-2012-2128

Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129: "the exploit code simply uses the XSS hole to extract a valid CSRF token."

Published: Aug 27, 2012
Updated: Nov 8, 2023
CVE: CVE-2012-2128
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
andreas_gohr / dokuwiki	2012-01-25	2012-01-25.x

http://bugs.dokuwiki.org/index.php?do=details&task_id=2488
http://ircrash.com/uploads/dokuwiki.txt
http://seclists.org/bugtraq/2012/Apr/121
http://secunia.com/advisories/48848
http://www.openwall.com/lists/oss-security/2012/04/22/4
http://www.openwall.com/lists/oss-security/2012/04/23/1
http://www.securityfocus.com/bid/53041
https://bugzilla.redhat.com/show_bug.cgi?id=815122
https://exchange.xforce.ibmcloud.com/vulnerabilities/74907

Vulnerability Database

289,697

CVE-2012-2128