Submit #753966: Foswiki 2.1.10 and before Information Disclosureinfo

TitelFoswiki 2.1.10 and before Information Disclosure
BeschreibungAffected components: oops, changes and preview service endpoints Attack vector(s): To exploit the vulnerablility a specific HTTP url must be crafted. No local user account is required. Suggested description of the vulnerability for use in the CVE: An anonymous user can craft an HTTP url to the oops, changes or preview endpoint and disclose protected information. For example https://mysite.com/bin/oops/Web/SecretTopicWithFormData?template=view will disclose any data stored a the given page. Discoverer(s)/Credits: Jan Seebens (Deutsche Telekom Technik GmbH), Michael Daum (Michael Daum Consulting)
Quelle⚠️ https://foswiki.org/Tasks/Item15600
Benutzer
 Michael Daum (UID 95314)
Einreichung07.02.2026 11:41 (vor 3 Monaten)
Moderieren20.02.2026 15:07 (13 days later)
StatusAkzeptiert
VulDB Eintrag347101 [Foswiki bis 2.1.10 Changes/Viewfile/Oops Information Disclosure]
Punkte20

ZurückÜbersichtWeiter

Do you know our Splunk app?

Download it now for free!