
CVE-2009-1960
Date: (C)2009-06-07   (M)2023-12-22


inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-35095
SECUNIA-35218
EXPLOIT-DB-8781
EXPLOIT-DB-8812
http://bugs.splitbrain.org/index.php?do=details&task_id=1700
http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki%3Ba=commitdiff%3Bh=20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz

CPE    3
cpe:/a:dokuwiki:dokuwiki:rc2009-01-30
cpe:/a:dokuwiki:dokuwiki:2009-02-14
cpe:/a:dokuwiki:dokuwiki:rc2009-02-06
CWE    1
CWE-94

© SecPod Technologies