Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:16
Type | Values Removed | Values Added |
---|---|---|
References | () http://bugs.splitbrain.org/index.php?do=details&id=906 - | |
References | () http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html - Exploit | |
References | () http://secunia.com/advisories/21819 - Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/21936 - | |
References | () http://security.gentoo.org/glsa/glsa-200609-10.xml - | |
References | () http://securityreason.com/securityalert/1537 - | |
References | () http://www.securityfocus.com/archive/1/445516/100/0/threaded - |
Information
Published : 2006-09-11 17:04
Updated : 2024-11-21 00:16
NVD link : CVE-2006-4674
Mitre link : CVE-2006-4674
CVE.ORG link : CVE-2006-4674
JSON object : View
Products Affected
andreas_gohr
- dokuwiki
CWE