Dokuwiki@release 2006-03-09e Security Vulnerabilities and Issues — Dokuwiki@release 2006-03-09e CVE List

Lucene search

Andreas GohrDokuwikirelease 2006-03-09e

3 matches found

CVE•added 2006/09/29 11:7 p.m.•46 views

CVE-2006-5099

lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.

7.5CVSS7.3AI score0.01609EPSS

CVE•added 2006/09/29 11:7 p.m.•38 views

CVE-2006-5098

lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image.

5CVSS6.3AI score0.00892EPSS

CVE•added 2007/01/29 5:28 p.m.•37 views

CVE-2006-6965

CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks.

4.3CVSS6.2AI score0.00632EPSS