CVE-2019-25338

MEDIUM
2026-02-12 [email protected]
5.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
PoC Detected
Mar 02, 2026 - 15:16 vuln.today
Public exploit code
CVE Published
Feb 12, 2026 - 23:16 nvd
MEDIUM 5.3

Tags

Information Disclosure Dokuwiki

Description

DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.

Analysis

Dokuwiki versions up to 2018-04-22b contains a vulnerability that allows attackers to identify valid user accounts (CVSS 5.3).

Technical Context

exists in the its password reset component. DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.

Affected Products

Vendor: Dokuwiki. Product: Dokuwiki. Versions: up to 2018-04-22b. Component: its password reset.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

47
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +26
POC: +20

Share

CVE-2019-25338 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy