CVE-2015-2172 on Ubuntu 12.04 LTS (precise) - low.
Description:
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.