HomePentest-Tools.com Logo

DokuWiki doku.php Local File Inclusion Vulnerability CVE-2009-1960

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

DokuWiki is prone to Local File Inclusion vulnerability.

Risk description

The flaw is due to error in config_cascade[main][default][] parameter in inc/init.php is not properly verified before being used to include files to doku.php. Successful exploitation will allow attacker to include and execute arbitrary files from local and external resources, and can gain sensitive information about remote system directories when register_globals is enabled.

Recommendation

Upgrade to version 2009-02-14b or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jun 8, 2009
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available