Back to search
CVE-2006-2878
Published: Jun 7, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://bugs.splitbrain.org/index.php?do=details&id=823
x_refsource_CONFIRM
18289
vdb-entry
x_refsource_BID
20060605 Advisory 04/2006: DokuWiki PHP code execution vulnerability in spellchecker
mailing-list
x_refsource_BUGTRAQ
1016221
vdb-entry
x_refsource_SECTRACK
25980
vdb-entry
x_refsource_OSVDB
20429
third-party-advisory
x_refsource_SECUNIA
20060605 Advisory 04/2006: DokuWiki PHP code execution vulnerability in spellchecker
mailing-list
x_refsource_FULLDISC
20669
third-party-advisory
x_refsource_SECUNIA
ADV-2006-2142
vdb-entry
x_refsource_VUPEN
http://www.hardened-php.net/advisory_042006.119.html
x_refsource_MISC
dokuwiki-spellchecker-code-execution(26913)
vdb-entry
x_refsource_XF
GLSA-200606-16
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now