Direct static code injection vulnerability in doku.php in DokuWiki prior to 2006-030-09c allows remote malicious users to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
andreas gohr dokuwiki release_2004-07-25 |
||
andreas gohr dokuwiki release_2004-08-08 |
||
andreas gohr dokuwiki release_2004-11-01 |
||
andreas gohr dokuwiki release_2004-11-02 |
||
andreas gohr dokuwiki release_2005-07-01 |
||
andreas gohr dokuwiki release_2005-07-13 |
||
andreas gohr dokuwiki release_2004-07-04 |
||
andreas gohr dokuwiki release_2004-07-07 |
||
andreas gohr dokuwiki release_2004-09-12 |
||
andreas gohr dokuwiki release_2004-09-25 |
||
andreas gohr dokuwiki release_2005-01-16a |
||
andreas gohr dokuwiki release_2005-02-06 |
||
andreas gohr dokuwiki release_2006-03-05 |
||
andreas gohr dokuwiki |
||
andreas gohr dokuwiki release_2004-08-15a |
||
andreas gohr dokuwiki release_2004-08-22 |
||
andreas gohr dokuwiki release_2004-11-10 |
||
andreas gohr dokuwiki release_2005-01-14 |
||
andreas gohr dokuwiki release_2005-01-15 |
||
andreas gohr dokuwiki release_2005-09-19 |
||
andreas gohr dokuwiki release_2005-09-22 |
||
andreas gohr dokuwiki release_2004-07-12 |
||
andreas gohr dokuwiki release_2004-07-21 |
||
andreas gohr dokuwiki release_2004-09-30 |
||
andreas gohr dokuwiki release_2004-10-19 |
||
andreas gohr dokuwiki release_2005-02-18 |
||
andreas gohr dokuwiki release_2005-05-07 |
Vulmon