DokuWiki 'doku.php' Local File Inclusion Vulnerability Network Vulnerability

Summary

This host is running DokuWiki and is prone to Local File Inclusion vulnerability.

Impact

Successful exploitation will allow attacker to include and execute arbitrary files from local and external resources, and can gain sensitive information about remote system directories when register_globals is enabled. Impact level: Application/System

Solution

Upgarde to version 2009-02-14b or later. http://www.dokuwiki.org/dokuwiki

Insight

The flaw is due to error in 'config_cascade[main][default][]' parameter in 'inc/init.php' is not properly verified before being used to include files to 'doku.php'.

Affected

DoKuWiki version prior to 2009-02-14b on Linux.

References

http://bugs.splitbrain.org/index.php?do=details&task_id=1700
http://secunia.com/advisories/35218

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-1960
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ArticleFR CMS Multiple Vulnerabilities - Jan15
Atmail Multiple Unspecified Security Vulnerabilities.
ASP-Dev XM Event Diary Multiple Vulnerabilities
3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
Admin Bot 'news.php' SQL Injection Vulnerability

Take action and discover your vulnerabilities