Lucene search
HistorySep 29, 2006 - 11:07 p.m.
CVE-2006-5099
cve
dokuwiki
remote code execution
security vulnerability
imagemagick
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.5%
lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.
Affected configurations
Node
andreas_gohrdokuwikiMatchrelease_2006-03-05
ORandreas_gohrdokuwikiMatchrelease_2006-03-09
ORandreas_gohrdokuwikiMatchrelease_2006-03-09e
Related
cvelist
cvelist
CVE-2006-5099
2006-09-29 23:00:00
debiancve
debiancve
CVE-2006-5099
2006-09-29 23:07:00
nvd
nvd
CVE-2006-5099
2006-09-29 23:07:00
ubuntucve
ubuntucve
CVE-2006-5099
2006-09-29 00:00:00
freebsd
freebsd
dokuwiki -- multiple vulnerabilities
2006-09-26 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200609-20 (dokuwiki)
2008-09-24 00:00:00
FreeBSD Ports: dokuwiki
2008-09-04 00:00:00
FreeBSD Ports: dokuwiki
2008-09-04 00:00:00
nessus
nessus
gentoo
gentoo
DokuWiki: Shell command injection and Denial of service
2006-09-28 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.5%
Related for CVE-2006-5099