← Zuruck zu CVEs
CVE-2019-25338
MEDIUM5.3
Beschreibung
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.
CVE Details
CVSS v3.1 Bewertung5.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/12/2026
Zuletzt geandert3/2/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
dokuwiki:dokuwiki
Schwachen (CWE)
CWE-204
Referenzen
https://download.dokuwiki.org/(disclosure@vulncheck.com)
https://www.dokuwiki.org/dokuwiki(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/47731(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/dokuwiki-b-username-enumeration(disclosure@vulncheck.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.