
Find real vulnerabilities before they ship
An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of the product.
Base Score
6.1| Base Score | 6.1 |
|---|---|
| Vector String | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Base Severity | Medium |
| Version | 3.1 |
| Attack Vector (AV) | NETWORK |