CVE-2016-7964
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-7964
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7964.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-7964
- Related
- Published
- 2016-10-31T10:59:00Z
- Modified
- 2025-04-12T13:41:49.143977Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.
- References
Affected packages
Debian:11 / dokuwiki
Package
- Name
- dokuwiki
- Purl
- pkg:deb/debian/dokuwiki?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.0.20180422.a-2.1
0.0.20200729-0.1~bpo11+1
0.0.20200729-0.1
0.0.20220317~gitaeff85c-0.1~exp1
0.0.20220731.a-1
0.0.20220731.a-2
0.0.20220731.a-3
Other
2024-02-06b-0exp1
2024-02-06b-0exp2
2024-02-06b-0exp3
2024-02-06b-0exp4
2024-02-06b+dfsg-0exp1
2024-02-06b+dfsg-0exp2
2024-02-06b+dfsg-1
2024-02-06b+dfsg-2
2024-02-06b+dfsg-3
2024-02-06b+dfsg-4
2024-02-06b+dfsg-5
2024-02-06b+dfsg-6
2024-02-06b+dfsg-7
Debian:12 / dokuwiki
Package
- Name
- dokuwiki
- Purl
- pkg:deb/debian/dokuwiki?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.0.20220731.a-2
0.0.20220731.a-3
Other
2024-02-06b-0exp1
2024-02-06b-0exp2
2024-02-06b-0exp3
2024-02-06b-0exp4
2024-02-06b+dfsg-0exp1
2024-02-06b+dfsg-0exp2
2024-02-06b+dfsg-1
2024-02-06b+dfsg-2
2024-02-06b+dfsg-3
2024-02-06b+dfsg-4
2024-02-06b+dfsg-5
2024-02-06b+dfsg-6
2024-02-06b+dfsg-7
Debian:13 / dokuwiki
Package
- Name
- dokuwiki
- Purl
- pkg:deb/debian/dokuwiki?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2024-02-06b+dfsg-7
Git / github.com/splitbrain/dokuwiki
Affected ranges
- Type
- GIT
- Repo
- https://github.com/splitbrain/dokuwiki
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
Other
release-2005-07-01
release-2005-07-13
release-2005-09-19
release-2005-09-22
release-2006-03-05
release-2006-03-09
release-2006-09-28rc
release-2006-10-08rc
release-2006-10-19rc
release-2006-11-06
release-2007-05-24rc
release-2007-06-26
release-2008-03-31rc
release-2008-04-11rc
release-2008-05-04
release-2008-05-05
release-2009-01-26rc
release-2009-01-30rc
release-2009-02-06rc
release-2009-02-14
release-2009-12-02rc
release-2009-12-25
release-2010-10-07rc
release-2010-10-27rc
release-2010-11-07
release-2010-11-07a
release-2010-11-07b
release-2011-11-10rc
release-2011_05_25
release-2011_05_25a
release-2012-01-25
release-2012-01-25b
release-2012-10-13
release-2012_09_10rc
release-2013-05-10
release-2013-05-10a
release-2013-10-28rc
release-2013-11-18rc
release-2013-12-08
release-2013-12-08a
release-2013_03_06rc
release-2014-05-05
release-2014-05-05a
release-2014-05-05b
release-2014-09-29
release-2014-09-29a
release-2014_05_05c
release-2014_05_05d
release-2014_05_05e
release-2014_09_29b
release-2014_09_29c
release-2014_09_29d
release-2015-08-10
release-2015-08-10a
release-2016-06-26
release-2016-06-26a
release-2016-06-26b
release-2016-06-26c
release-2016-06-26d
release-2016-06-26e