Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-1960

inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.

Published

2009-06-08T01:00:00.797

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dokuwiki	dokuwiki	2009-02-14	Yes
Application	dokuwiki	dokuwiki	rc2009-01-30	Yes
Application	dokuwiki	dokuwiki	rc2009-02-06	Yes

References

http://bugs.splitbrain.org/index.php?do=details&task_id=1700 Patch ([email protected])
http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki%3Ba=commitdiff%3Bh=20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz ([email protected])
http://secunia.com/advisories/35218 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/35095 ([email protected])
https://www.exploit-db.com/exploits/8781 ([email protected])
https://www.exploit-db.com/exploits/8812 ([email protected])
http://bugs.splitbrain.org/index.php?do=details&task_id=1700 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki%3Ba=commitdiff%3Bh=20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35218 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/35095 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/8781 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/8812 (af854a3a-2127-422b-91ae-364da2661108)