The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki prior to 2014-09-29b allows remote malicious users to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.
Vulnerable Product |
---|
dokuwiki dokuwiki |
mageia mageia 4.0 |
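
To check whether an installation's whitelist still permits the upload described above, the following added example (not DokuWiki's own code and not part of the original advisory) parses `conf/mime.conf`-style text and reports extensions whose type is script-capable and served inline. It goes beyond the SWF case by also flagging HTML and SVG. Assumptions: each line is `extension mimetype`, `#` starts a comment, a `!` prefix on the type means the file is offered as a download, and entries in a local override file replace defaults for the same extension.

```python
# Added example: flag mime.conf entries that serve active content inline.
ACTIVE_TYPES = {
    "application/x-shockwave-flash",  # the SWF case from the advisory
    "text/html",                      # assumption: generalization beyond the page
    "image/svg+xml",                  # assumption: generalization beyond the page
}


def parse_mime_conf(text):
    """Return {extension: (mimetype, forced_download)} for mime.conf-style text."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        parts = line.split()
        if len(parts) < 2:
            continue  # empty or malformed line
        ext, mime = parts[0].lower(), parts[1].lower()
        forced = mime.startswith("!")  # assumption: "!" means download-only
        entries[ext] = (mime.lstrip("!"), forced)
    return entries


def audit(default_text, local_text=""):
    """List extensions whose active-content type is allowed and served inline."""
    merged = parse_mime_conf(default_text)
    merged.update(parse_mime_conf(local_text))  # assumption: local overrides default
    return sorted(ext for ext, (mime, forced) in merged.items()
                  if mime in ACTIVE_TYPES and not forced)


# Constructed samples, not copies of any release's conf/mime.conf.
SAMPLE_WEAK = """\
# extension  mimetype
jpg     image/jpeg
pdf     application/pdf
swf     application/x-shockwave-flash
zip     !application/zip
"""
SAMPLE_WITHOUT_SWF = """\
jpg     image/jpeg
pdf     application/pdf
zip     !application/zip
"""

if __name__ == "__main__":
    print("weak:", audit(SAMPLE_WEAK))
    print("without swf:", audit(SAMPLE_WITHOUT_SWF))
```

Run it against the real contents of `conf/mime.conf` and any local override file by passing their text to `audit()`; an empty list means no flagged type is served inline.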