Dokuwiki Extension Mismatch Arbitrary File Upload

2004-10-17T00:00:00
ID OSVDB:11084
Type osvdb
Reporter OSVDB
Modified 2004-10-17T00:00:00

Description

Vulnerability Description

DokuWiki contains a flaw that may allow a malicious user to upload arbitrary files with the permissions of the web server. The issue is triggered because the program does not perform checks on uploads. It is possible that the flaw may allow attackers to write malicious files to the server, resulting in a loss of integrity.

Solution Description

Upgrade to version 2004-10-19 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

DokuWiki contains a flaw that may allow a malicious user to upload arbitrary files with the permissions of the web server. The issue is triggered because the program does not perform checks on uploads. It is possible that the flaw may allow attackers to write malicious files to the server, resulting in a loss of integrity.

References:

Vendor URL: http://www.splitbrain.org/dokuwiki/index.php Related OSVDB ID: 11005 ISS X-Force ID: 17899 CVE-2004-2560 Bugtraq ID: 11486