An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of the product.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | dokuwiki | <= 0.0.20220731.a-2 | dokuwiki_0.0.20220731.a-2_all.deb |
Debian | 11 | all | dokuwiki | <= 0.0.20180422.a-2.1 | dokuwiki_0.0.20180422.a-2.1_all.deb |
Debian | 999 | all | dokuwiki | <= 0.0.20220731.a-2 | dokuwiki_0.0.20220731.a-2_all.deb |
Debian | 13 | all | dokuwiki | <= 0.0.20220731.a-2 | dokuwiki_0.0.20220731.a-2_all.deb |