| VID |
21990 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The DokuWiki software is vulnerable to an arbitrary command execution vulnerability in the 'lib/exe/fetch.php' script. DokuWiki is a freely available wiki application written in PHP. DokuWiki version 2006/03/09 and earlier versions are vulnerable to an arbitrary remote file execution vulnerability, caused by improper validation of user-supplied input passed to the 'lib/exec/fetch.php' script. If the '$conf[imconvert]' option is enabled, a remote attacker could send a specially-crafted URL request to the 'lib/exec/fetch.php' script using the 'w' and 'h' parameters, which could allow the remote attacker execute arbitrary file on the affected host.
* References:
http://secunia.com/advisories/22192/
http://www.frsirt.com/english/advisories/2006/3851
http://www.freelists.org/archives/dokuwiki/09-2006/msg00278.html
http://bugs.splitbrain.org/?do=details&id=924
http://bugs.splitbrain.org/?do=details&id=926
* Platforms Affected:
DokuWiki version 2006/03/09 and earlier versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of DokuWiki (2006-03-09e / 2006-09-28 or later), available from the DokuWiki Project Web page at http://www.splitbrain.org/projects/dokuwiki
-- OR --
As a workaround, disable DokuWiki's 'imconvert' option setting. |
| Related URL |
CVE-2006-5099 (CVE) |
| Related URL |
20257 (SecurityFocus) |
| Related URL |
29279 (ISS) |
|
