Unrated severityNVD Advisory· Published Apr 13, 2018· Updated Sep 16, 2024

Commit metadata forgery via CGI::FormBuilder context-dependent APIs

CVE-2016-9646

Description

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.

Affected products

Ikiwiki/Ikiwikiv5
Range: before 3.20161229

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2017/dsa-3760mitrevendor-advisoryx_refsource_DEBIAN
ikiwiki.info/security/mitrex_refsource_CONFIRM
marc.infomitremailing-listx_refsource_MLIST
security-tracker.debian.org/tracker/CVE-2016-9646mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000