Launchpad.net

CVE 2014-8762

The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter.

See the CVE page on Mitre.org for more details.