CVE-2016-7964 Information

Description

The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older when media file fetching is enabled has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF such as 10.0.0.1/8 172.16.0.0/12 and 192.168.0.0/16.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/94245 https://github.com/splitbrain/dokuwiki/issues/1708

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

8.6