Lucene search

K
cve[email protected]CVE-2014-8762
HistoryOct 22, 2014 - 2:55 p.m.

CVE-2014-8762

2014-10-2214:55:00
CWE-200
web.nvd.nist.gov
23
cve-2014-8762
ajax_mediadiff
dokuwiki
remote attackers
arbitrary images
nvd

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

79.2%

The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter.

CPENameOperatorVersion
dokuwiki:dokuwikidokuwikile2013-12-08

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

79.2%