| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-9646 | 5.0 |
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
|
18-05-2018 - 16:02 | 13-04-2018 - 15:29 | |
| CVE-2017-0356 | 7.5 |
A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.
|
18-05-2018 - 15:40 | 13-04-2018 - 15:29 | |
| CVE-2016-10026 | 5.0 |
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging pe
|
04-11-2017 - 01:29 | 13-02-2017 - 18:59 |