~ubuntu-security/ubuntu-cve-tracker/master

Candidate: CVE-2009-1960
PublicDate: 2009-06-07
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1960
Description:
 inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when
 register_globals is enabled, allows remote attackers to include and execute
 arbitrary local files via the config_cascade[main][default][] parameter to
 doku.php.  NOTE: PHP remote file inclusion is also possible in PHP 5 using
 ftp:// URLs.
Ubuntu-Description:
Notes:
 mdeslaur> PoC: http://www.milw0rm.com/exploits/8812
 mdeslaur> PoC: http://www.milw0rm.com/exploits/8781
Bugs:
 http://bugs.splitbrain.org/index.php?do=details&task_id=1700
Priority: medium
Discovered-by:
Assigned-to:

Patches_dokuwiki:
upstream_dokuwiki: released (0.0.20090214b-1)
dapper_dokuwiki: ignored (reached end-of-life)
hardy_dokuwiki: ignored (reached end-of-life)
intrepid_dokuwiki: ignored (reached end-of-life)
jaunty_dokuwiki: ignored (reached end-of-life)
karmic_dokuwiki: ignored (reached end-of-life)
lucid_dokuwiki: ignored (reached end-of-life)
maverick_dokuwiki: ignored (reached end-of-life)
natty_dokuwiki: ignored (reached end-of-life)
oneiric_dokuwiki: ignored (reached end-of-life)
precise_dokuwiki: not-affected (0.0.20110525a-2)
quantal_dokuwiki: ignored (reached end-of-life)
raring_dokuwiki: ignored (reached end-of-life)
saucy_dokuwiki: ignored (reached end-of-life)
trusty_dokuwiki: not-affected (0.0.20131208-1)
utopic_dokuwiki: ignored (reached end-of-life)
vivid_dokuwiki: ignored (reached end-of-life)
vivid/stable-phone-overlay_dokuwiki: DNE
vivid/ubuntu-core_dokuwiki: DNE
wily_dokuwiki: ignored (reached end-of-life)
xenial_dokuwiki: not-affected (0.0.20140929.d-1ubuntu1)
yakkety_dokuwiki: not-affected
devel_dokuwiki: not-affected