Vulnerability Scanning Solutions, LLC.
Family: CGI abuses --> Category: attack

DokuWiki spellcheck Arbitrary Code Execution Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Executes arbitrary PHP code via DokuWiki spellcheck

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is affected by
an arbitrary code execution vulnerability.

Description :

The remote host is running DokuWiki, an open-source wiki application
written in PHP.

The installed version of DokuWiki fails to properly sanitize input to
the 'data' parameter of the 'lib/exe/spellcheck.php' script before
evaluating it to handle links embedded in the text. An
unauthenticated attacker can leverage this issue with PHP commands in
'complex curly syntax' to execute arbitrary PHP code on the remote
host subject to the rights of the web server user id.

See also :

Solution :

Upgrade to DokuWiki release 2006-03-09 with hotfix 823 or later.

Threat Level:

High / CVSS Base Score : 7



P.O. Box 827051

Pembroke Pines, FL 33082-7051
