Dokuwiki Security Vulnerabilities and Issues — Dokuwiki CVE List

Lucene search

Andreas GohrDokuwiki

5 matches found

CVE•added 2006/09/11 5:4 p.m.•55 views

CVE-2006-4674

Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.

7.5CVSS7.3AI score0.01155EPSS

CVE•added 2006/09/11 5:4 p.m.•53 views

CVE-2006-4679

DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug".

5CVSS5.9AI score0.00574EPSS

CVE•added 2006/09/29 11:7 p.m.•46 views

CVE-2006-5099

lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.

7.5CVSS7.3AI score0.01609EPSS

CVE•added 2006/09/11 5:4 p.m.•41 views

CVE-2006-4675

Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors.

7.5CVSS6.3AI score0.01155EPSS

CVE•added 2006/09/29 11:7 p.m.•38 views

CVE-2006-5098

lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image.

5CVSS6.3AI score0.00892EPSS