CVE-2006-4674

Published: Sep 11, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html

x_refsource_MISC

1537

third-party-advisory

x_refsource_SREASON

http://bugs.splitbrain.org/index.php?do=details&id=906

x_refsource_CONFIRM

GLSA-200609-10

vendor-advisory

x_refsource_GENTOO

21936

third-party-advisory

x_refsource_SECUNIA

20060907 DokuWiki <= 2006-03-09brel /bin/dwpage.php remote commands execution

mailing-list

x_refsource_BUGTRAQ

21819

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2006-4674

Description

Affected Products

References