lib/exec/fetch.php in DokuWiki prior to 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.
Vulnerable Product |
---|
andreas gohr dokuwiki release_2006-03-05 |
andreas gohr dokuwiki release_2006-03-09 |
andreas gohr dokuwiki release_2006-03-09e |
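
The description above says the w and h parameters reach the `convert` invocation unfiltered. The following is an added example, not DokuWiki's code or its actual fix, showing one way to validate such dimensions before building the command. The function names, the 4096 pixel limit, the paths and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from lib/exec/fetch.php.

/**
 * Parse a requested pixel dimension strictly as an integer in range.
 * Returns null for anything else, including values carrying shell metacharacters.
 */
function parse_dimension($raw, int $max = 4096): ?int
{
    if (!is_string($raw)) {
        return null;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

/**
 * Build the resize command. Dimensions are integers by construction (%d),
 * and every path is passed through escapeshellarg().
 */
function build_resize_command(string $convert, string $src, string $dst, $w, $h): ?string
{
    $width  = parse_dimension($w);
    $height = parse_dimension($h);
    if ($width === null || $height === null) {
        return null; // reject the request instead of trying to sanitize it
    }
    return sprintf(
        '%s -resize %dx%d %s %s',
        escapeshellarg($convert),
        $width,
        $height,
        escapeshellarg($src),
        escapeshellarg($dst)
    );
}

// Constructed sample values for the w and h request parameters.
$samples = [['200', '150'], ['200;x', '150'], ['200', '150|x'], ['-1', '150']];
foreach ($samples as [$w, $h]) {
    $cmd = build_resize_command('/usr/bin/convert', 'in.png', 'out.png', $w, $h);
    printf("w=%s h=%s => %s\n", var_export($w, true), var_export($h, true), $cmd ?? 'REJECTED');
}
```

Only the first sample yields a command; the others are rejected before any string reaches the shell.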