inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote malicious users to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dokuwiki dokuwiki rc2009-02-06 |
||
dokuwiki dokuwiki 2009-02-14 |
||
dokuwiki dokuwiki rc2009-01-30 |