Vulnerability Description
inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dokuwiki | Dokuwiki | 2009-02-14 |
References
- http://bugs.splitbrain.org/index.php?do=details&task_id=1700 (Patch)
- http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki%3Ba=commitdiff%3Bh=20
- http://secunia.com/advisories/35218 (Vendor Advisory)
- http://www.securityfocus.com/bid/35095
- https://www.exploit-db.com/exploits/8781
- https://www.exploit-db.com/exploits/8812
FAQ
What is CVE-2009-1960?
CVE-2009-1960 is a vulnerability with a CVSS score of 9.3 (HIGH). inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main]...
How severe is CVE-2009-1960?
CVE-2009-1960 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-1960?
Check the references section above for vendor advisories and patch information. Affected products include: Dokuwiki Dokuwiki.