EUVD-2006-2875

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

DokuWiki spellchecker allows remote code execution via complex curly syntax in regular expressions.

Reporter	Title	Published	Views	Family All 15
CVE	CVE-2006-2878	7 Jun 200600:00	–	cve
Cvelist	CVE-2006-2878	7 Jun 200600:00	–	cvelist
Debian CVE	CVE-2006-2878	7 Jun 200600:00	–	debiancve
canvas	Immunity Canvas: DOKUWIKI_EXEC	7 Jun 200600:02	–	canvas
Tenable Nessus	DokuWiki Spell Checker Embedded Link Arbitrary PHP Code Execution	6 Jun 200600:00	–	nessus
Tenable Nessus	GLSA-200606-16 : DokuWiki: PHP code injection	16 Jun 200600:00	–	nessus
Gentoo Linux	DokuWiki: PHP code injection	14 Jun 200600:00	–	gentoo
NVD	CVE-2006-2878	7 Jun 200600:02	–	nvd
OpenVAS	FreeBSD Ports: dokuwiki	4 Sep 200800:00	–	openvas
OpenVAS	Gentoo Security Advisory GLSA 200606-16 (DokuWiki)	24 Sep 200800:00	–	openvas

[
  {
    "enisaIdVendor": [
      {
        "id": "6d06e08c-c169-355b-9377-dae1f826c488",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "f13610e9-abd0-3196-be99-91aafdcf8902",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
bugs	www.bugs.splitbrain.org/index.php
securityfocus	www.securityfocus.com/bid/18289
securityfocus	www.securityfocus.com/archive/1/435989/100/0/threaded
securitytracker	www.securitytracker.com/id
osvdb	www.osvdb.org/25980
secunia	www.secunia.com/advisories/20429
lists	www.lists.grok.org.uk/pipermail/full-disclosure/2006-June/046602.html
secunia	www.secunia.com/advisories/20669
vupen	www.vupen.com/english/advisories/2006/2142
hardened-php	www.hardened-php.net/advisory_042006.119.html

07 Oct 2025 00:30Current

6.1Medium risk

Vulners AI Score6.1

CVSS 27.5

EPSS0.04385

dokuwiki spellchecker php code execution remote attack regular expression