CVE-2010-0288

Name	CVE-2010-0288
Description	A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1976-1
Debian Bugs	565406

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
dokuwiki (PTS)	bullseye	0.0.20180422.a-2.1	fixed
	bookworm	0.0.20220731.a-2	fixed
	trixie	2024-02-06b+dfsg-7	fixed
	sid	2024-02-06b+dfsg-9	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
dokuwiki	source	etch	(not affected)
dokuwiki	source	lenny	0.0.20080505-4+lenny1		DSA-1976-1
dokuwiki	source	(unstable)	0.0.20090214b-3.1	medium		565406

[etch] - dokuwiki <not-affected> (Vulnerable code not present)
http://bugs.splitbrain.org/index.php?do=details&task_id=1847
issue being exploited