HIGH🇬🇧 English

CVE-2016-7964

CVSS 8.6v3.0pub. 2016-10-31upd. 2026-05-06

The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  • Dokuwiki

    APP
    Dokuwiki
    2016-06-26a
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SSRF
CWE
Referencje

Powiązane podatności

CVE-2018-15474CRITICAL9.6ten sam produkt

CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWi...

CVE-2017-18123HIGH8.6ten sam produkt

The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, w...

CVE-2010-0288HIGH7.5ten sam produkt

A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki befo...

CVE-2009-1960HIGH9.3ten sam produkt

inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows ...

CVE-2026-26477MEDIUM4.3ten sam produkt

An issue in Dokuwiki v.2025-05-14b "Librarian" [56.2] allows a remote attacker to cause a denial of service vi...

CVE-2016-7964 — HIGH 8.6 | CVEbaza.pl