{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T11:54:50.219","vulnerabilities":[{"cve":{"id":"CVE-2012-2128","sourceIdentifier":"secalert@redhat.com","published":"2012-08-27T21:55:01.697","lastModified":"2026-04-29T01:13:23.040","vulnStatus":"Modified","cveTags":[{"sourceIdentifier":"secalert@redhat.com","tags":["disputed"]}],"descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129: \"the exploit code simply uses the XSS hole to extract a valid CSRF token.\""},{"lang":"es","value":"** EN DISPUTA ** Vulnerabilidad de fasificación de peticiones en sitios cruzados (CSRF) en doku.php en DokuWiki 2012-01-25 Angua permite a atacantes remotos secuestrar la autenticación de los administradores de las solicitudes que se suman los usuarios arbitrarios. NOTA: este problema ha sido discutido por el vendedor, quien afirma que lo es de CVE-2012-2129: \". El código de explotación simplemente usa el agujero XSS para extraer un token CSRF válido\""}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:2012-01-25:*:*:*:*:*:*:*","matchCriteriaId":"266A9481-905C-4F8B-943B-73F023EC851A"}]}]}],"references":[{"url":"http://bugs.dokuwiki.org/index.php?do=details&task_id=2488","source":"secalert@redhat.com"},{"url":"http://ircrash.com/uploads/dokuwiki.txt","source":"secalert@redhat.com"},{"url":"http://seclists.org/bugtraq/2012/Apr/121","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/48848","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2012/04/22/4","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2012/04/23/1","source":"secalert@redhat.com"},{"url":"http://www.securityfocus.com/bid/53041","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815122","source":"secalert@redhat.com"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74907","source":"secalert@redhat.com"},{"url":"http://bugs.dokuwiki.org/index.php?do=details&task_id=2488","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://ircrash.com/uploads/dokuwiki.txt","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://seclists.org/bugtraq/2012/Apr/121","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/48848","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2012/04/22/4","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2012/04/23/1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/53041","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=815122","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74907","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}