DokuWiki ACL Plugin Privilege Escalation Vulnerability

DokuWiki ACL Plugin Privilege Escalation Vulnerability

CVE-2015-2172 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.

Learn more about our Api Penetration Testing.