{"id":"CVE-2017-18123","details":"The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.","modified":"2026-05-18T05:49:23.155167590Z","published":"2018-02-03T15:29:00.577Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"7.0"}],"vendor_product":"debian:debian_linux","source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}]},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00004.html"},{"type":"REPORT","url":"https://github.com/splitbrain/dokuwiki/issues/2029"},{"type":"REPORT","url":"https://github.com/splitbrain/dokuwiki/pull/2019"},{"type":"REPORT","url":"https://hackerone.com/reports/238316"},{"type":"REPORT","url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00004.html"},{"type":"FIX","url":"https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86"},{"type":"FIX","url":"https://vulnhive.com/2018/000004"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dokuwiki/dokuwiki","events":[{"introduced":"0"},{"last_affected":"a5690a8c536c2fc9bdb8871714c9978ea2c19c98"}],"database_specific":{"cpe":"cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"2017-02-19e"}],"source":"CPE_FIELD"}}],"versions":["release-2017-02-19g","release-2017-02-19f","release-2016-06-26e","release-2016-06-26d","release-2016-06-26c","release-2016-06-26b","release-2014_05_05e","release-2014_05_05d","release-2014_05_05c","release-2014-05-05b","release-2013-12-08a","release-2010-11-07b","release-2010-11-07a","release-2010-11-07","release-2010-10-27rc","release-2010-10-07rc","release-2009-12-25","release-2009-12-02rc","release-2009-02-14","release-2009-02-06rc","release-2009-01-30rc","release-2009-01-26rc","release-2008-05-05","release-2008-05-04","release-2008-04-11rc","release-2008-03-31rc","release-2007-06-26","release-2007-05-24rc","release-2006-11-06","release-2006-10-19rc","release-2006-10-08rc","release-2006-09-28rc","release-2006-03-09","release-2006-03-05","release-2005-09-22","release-2005-09-19","release-2005-07-13","release-2005-07-01"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-18123.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}]}