DokuWiki ACL Plugin Privilege Escalation Vulnerability
CVE-2015-2172 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.
Learn more about our Api Penetration Testing.