CVE-2010-0289

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors.

How to fix CVE-2010-0289

To remediate CVE-2010-0289, upgrade the affected package to a fixed version below.

• Debian/dokuwiki—upgrade to 0.0.20090214b-3.1 or later

Is CVE-2010-0289 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.0.20090214b-3.1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-0289