
Find real vulnerabilities before they ship
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.
Base Score
8.6| Base Score | 8.6 |
|---|---|
| Vector String | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| Base Severity | High |
| Version | 3.0 |
| Attack Vector (AV) | LOCAL |