Description

DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.

PUBLISHED Reserved 2026-02-12 | Published 2026-02-12 | Updated 2026-02-13 | Assigner VulnCheck




MEDIUM: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Observable Response Discrepancy

Product status

2018-04-22b "Greebo"
affected

Credits

Talha ŞEN finder

References

www.exploit-db.com/exploits/47731 (ExploitDB-47731) exploit

www.dokuwiki.org/dokuwiki (DokuWiki Official Homepage) product

download.dokuwiki.org/ (DokuWiki Download Page) product

www.vulncheck.com/advisories/dokuwiki-b-username-enumeration (VulnCheck Advisory: Dokuwiki 2018-04-22b - Username Enumeration) third-party-advisory

cve.org (CVE-2019-25338)

nvd.nist.gov (CVE-2019-25338)
