CVE-2010-0289

N/A Unknown

Published: February 15, 2010 Modified: April 29, 2026

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://bugs.splitbrain.org/index.php?do=details&task_id=1853

Source: secalert@redhat.com

http://freshmeat.net/projects/dokuwiki/tags/security-fix

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html

Source: secalert@redhat.com

http://osvdb.org/61708

Source: secalert@redhat.com

http://secunia.com/advisories/38205

Source: secalert@redhat.com

Vendor Advisory

http://security.gentoo.org/glsa/glsa-201301-07.xml

Source: secalert@redhat.com

http://www.debian.org/security/2010/dsa-1976

Source: secalert@redhat.com

http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security

Source: secalert@redhat.com

http://bugs.splitbrain.org/index.php?do=details&task_id=1853

Source: af854a3a-2127-422b-91ae-364da2661108

http://freshmeat.net/projects/dokuwiki/tags/security-fix

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/61708

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/38205

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://security.gentoo.org/glsa/glsa-201301-07.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2010/dsa-1976

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security

Source: af854a3a-2127-422b-91ae-364da2661108

18 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.4%

61th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-352

Affected Vendors

dokuwiki

Related CVEs

CVE-2026-40137 6.1

CVE-2026-40136 4.3

CVE-2026-40135 6.5

CVE-2026-40134 4.3

CVE-2026-40133 6.3