FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dokuwiki -- Local File Inclusion with register_globals on

Affected packages
dokuwiki < 20090214_2
0 < dokuwiki-devel

Details

VuXML ID 4f838b74-50a1-11de-b01f-001c2514716c
Discovery 2009-05-26
Entry 2009-06-04
Modified 2010-05-02

DokuWiki reports:

A security hole was discovered which allows an attacker to include arbitrary files located on the attacked DokuWiki installation. The included file is executed in the PHP context. This can be escalated by introducing malicious code through uploading file via the media manager or placing PHP code in editable pages.

References

CVE Name CVE-2009-1960
URL http://bugs.splitbrain.org/index.php?do=details&task_id=1700