CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-7964

The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.1%

CVSS Severity

CVSS v3 Score 8.6

CVSS v2 Score 4.3

References

http://www.securityfocus.com/bid/94245
https://github.com/splitbrain/dokuwiki/issues/1708
http://www.securityfocus.com/bid/94245
https://github.com/splitbrain/dokuwiki/issues/1708

Products affected by CVE-2016-7964

Dokuwiki » Dokuwiki » Version: 2016-06-26a

cpe:2.3:a:dokuwiki:dokuwiki:2016-06-26a

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-7964

Products

Pricing

Contact Us