CVE-2016-7964

Source
https://cve.org/CVERecord?id=CVE-2016-7964
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7964.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-7964
Downstream
Published
2016-10-31T10:59:00.177Z
Modified
2026-07-08T12:44:36.870269Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.

References

Affected packages

Git / github.com/dokuwiki/dokuwiki

Affected ranges

Type
GIT
Repo
https://github.com/dokuwiki/dokuwiki
Events
Database specific
{
    "cpe": "cpe:2.3:a:dokuwiki:dokuwiki:2016-06-26a:*:*:*:*:*:*:*",
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "2016-06-26a"
        },
        {
            "last_affected": "2016-06-26a"
        }
    ]
}

Affected versions

Other
2016-06-26a
release-2016-06-26e

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7964.json"