CVE-2016-7965

Source
https://cve.org/CVERecord?id=CVE-2016-7965
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7965.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-7965
Downstream
Published
2016-10-31T10:59:01.847Z
Modified
2026-02-02T22:16:59.830201Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
[none]
Details

DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g., if several domains are served by the same web server).

References

Affected packages

Git / github.com/splitbrain/dokuwiki

Affected ranges

Type
GIT
Repo
https://github.com/splitbrain/dokuwiki
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other
release-2005-07-01
release-2005-07-13
release-2005-09-19
release-2005-09-22
release-2006-03-05
release-2006-03-09
release-2006-09-28rc
release-2006-10-08rc
release-2006-10-19rc
release-2006-11-06
release-2007-05-24rc
release-2007-06-26
release-2008-03-31rc
release-2008-04-11rc
release-2008-05-04
release-2008-05-05
release-2009-01-26rc
release-2009-01-30rc
release-2009-02-06rc
release-2009-02-14
release-2009-12-02rc
release-2009-12-25
release-2010-10-07rc
release-2010-10-27rc
release-2010-11-07
release-2010-11-07a
release-2010-11-07b
release-2011-11-10rc
release-2011_05_25
release-2011_05_25a
release-2012-01-25
release-2012-01-25b
release-2012-10-13
release-2012_09_10rc
release-2013-05-10
release-2013-05-10a
release-2013-10-28rc
release-2013-11-18rc
release-2013-12-08
release-2013-12-08a
release-2013_03_06rc
release-2014-05-05
release-2014-05-05a
release-2014-05-05b
release-2014-09-29
release-2014-09-29a
release-2014_05_05c
release-2014_05_05d
release-2014_05_05e
release-2014_09_29b
release-2014_09_29c
release-2014_09_29d
release-2015-08-10
release-2015-08-10a
release-2016-06-26
release-2016-06-26a
release-2016-06-26b
release-2016-06-26c
release-2016-06-26d
release-2016-06-26e

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7965.json"