The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and previous versions allows remote malicious users to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
andreas gohr dokuwiki release_2004-07-04 |
||
andreas gohr dokuwiki release_2004-08-22 |
||
andreas gohr dokuwiki release_2004-09-12 |
||
andreas gohr dokuwiki release_2005-01-14 |
||
andreas gohr dokuwiki release_2005-01-15 |
||
andreas gohr dokuwiki release_2005-09-22 |
||
andreas gohr dokuwiki release_2006-03-05 |
||
andreas gohr dokuwiki release_2004-08-08 |
||
andreas gohr dokuwiki release_2004-08-15a |
||
andreas gohr dokuwiki release_2004-11-02 |
||
andreas gohr dokuwiki release_2004-11-10 |
||
andreas gohr dokuwiki release_2005-07-01 |
||
andreas gohr dokuwiki release_2005-07-13 |
||
andreas gohr dokuwiki release_2005-09-19 |
||
andreas gohr dokuwiki release_2004-07-07 |
||
andreas gohr dokuwiki release_2004-07-12 |
||
andreas gohr dokuwiki release_2004-09-25 |
||
andreas gohr dokuwiki release_2004-09-30 |
||
andreas gohr dokuwiki release_2005-01-16a |
||
andreas gohr dokuwiki release_2005-02-06 |
||
andreas gohr dokuwiki |
||
andreas gohr dokuwiki release_2004-07-21 |
||
andreas gohr dokuwiki release_2004-07-25 |
||
andreas gohr dokuwiki release_2004-10-19 |
||
andreas gohr dokuwiki release_2004-11-01 |
||
andreas gohr dokuwiki release_2005-02-18 |
||
andreas gohr dokuwiki release_2005-05-07 |
Vulmon