| VID |
21977 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The DokuWiki software is vulnerable to a remote code execution vulnerability in the 'lib/exe/spellcheck.php' script. DokuWiki is a freely available wiki application written in PHP. DokuWiki versions prior to 2006/03/09 are vulnerable to a remote code execution vulnerability, caused by improper validation of user-supplied input passed to the spellchecker (spellcheck.php). A remote attacker could exploit this vulnerability using a specially-crafted POST request to execute arbitrary PHP code on the affected system.
* References:
http://www.securityfocus.com/archive/1/435989
http://secunia.com/advisories/20429
http://www.frsirt.com/english/advisories/2006/2142
http://securitytracker.com/id?1016221
http://www.hardened-php.net/advisory_042006.119.html
* Platforms Affected:
DokuWiki versions prior to 2006/03/09
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of DokuWiki (2006/03/09 or later), available from the DokuWiki Project Web page at http://www.splitbrain.org/projects/dokuwiki |
| Related URL |
CVE-2006-2878 (CVE) |
| Related URL |
15250,17843 (SecurityFocus) |
| Related URL |
22920 (ISS) |
|
