CVE-2016-7964
- Source
- https://cve.org/CVERecord?id=CVE-2016-7964
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7964.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-7964
- Downstream
- Published
- 2016-10-31T10:59:00.177Z
- Modified
- 2026-06-18T04:03:34.035883498Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.
- References
Affected packages
Git / github.com/dokuwiki/dokuwiki
Affected ranges
- Type
- GIT
- Repo
- https://github.com/dokuwiki/dokuwiki
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "source": "CPE_STRING", "extracted_events": [ { "introduced": "0" }, { "last_affected": "2016-06-26a" } ], "cpe": "cpe:2.3:a:dokuwiki:dokuwiki:2016-06-26a:*:*:*:*:*:*:*" }
Affected versions
Other
release-2005-07-01
release-2005-07-13
release-2005-09-19
release-2005-09-22
release-2006-03-05
release-2006-03-09
release-2006-09-28rc
release-2006-10-08rc
release-2006-10-19rc
release-2006-11-06
release-2007-05-24rc
release-2007-06-26
release-2008-03-31rc
release-2008-04-11rc
release-2008-05-04
release-2008-05-05
release-2009-01-26rc
release-2009-01-30rc
release-2009-02-06rc
release-2009-02-14
release-2009-12-02rc
release-2009-12-25
release-2010-10-07rc
release-2010-10-27rc
release-2010-11-07
release-2010-11-07a
release-2010-11-07b
release-2013-12-08a
release-2014-05-05b
release-2014_05_05c
release-2014_05_05d
release-2014_05_05e
release-2016-06-26b
release-2016-06-26c
release-2016-06-26d
release-2016-06-26e