Message-ID: <Pine.GSO.4.51.0906061348080.28142@faron.mitre.org>
Date: Sat, 6 Jun 2009 13:48:13 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id request: dokuwiki

======================================================
Name: CVE-2009-1960
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1960
Reference: MILW0RM:8781
Reference: URL:http://www.milw0rm.com/exploits/8781
Reference: MILW0RM:8812
Reference: URL:http://www.milw0rm.com/exploits/8812
Reference: CONFIRM:http://bugs.splitbrain.org/index.php?do=details&task_id=1700
Reference: SECUNIA:35218
Reference: URL:http://secunia.com/advisories/35218

inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30,
when register_globals is enabled, allows remote attackers to include
and execute arbitrary local files via the
config_cascade[main][default][] parameter to doku.php. NOTE: PHP
remote file inclusion is also possible in PHP 5 using ftp:// URLs.
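
A log check for the request pattern named in the CVE entry above, added here as an example and not part of the original message: it flags requests to doku.php whose query string carries a config_cascade array parameter and notes whether the value is a local path or a URL. The Apache combined log format, the constructed sample lines and the function name are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format (not real traffic).
# Parameter values are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [06/Jun/2009:13:00:01 -0400] "GET /doku.php?id=start HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [06/Jun/2009:13:00:09 -0400] "GET /doku.php?config_cascade%5Bmain%5D%5Bdefault%5D%5B%5D=/placeholder/local/file HTTP/1.1" 200 812 "-" "-"
192.0.2.45 - - [06/Jun/2009:13:00:15 -0400] "GET /wiki/doku.php?id=start&config_cascade[main][default][]=ftp://host.example/placeholder HTTP/1.1" 200 640 "-" "-"
192.0.2.11 - - [06/Jun/2009:13:00:20 -0400] "GET /doku.php?config_cascade_note=1 HTTP/1.1" 200 99 "-" "-"
"""

# Client address and request target from the quoted request line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with a URL scheme (the CVE note mentions ftp://).
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def find_config_cascade_requests(log_text):
    """Return (client, parameter, kind) for each suspicious doku.php request.

    DokuWiki sets config_cascade itself; a request that supplies it only
    matters when register_globals is on, so every hit deserves a look.
    Only the query string is visible in an access log.
    """
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/doku.php"):
            continue
        # parse_qsl percent-decodes names, so %5B/%5D and [ ] compare equal.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            # PHP array syntax: the variable name is the part before "[".
            if name.split("[", 1)[0] == "config_cascade":
                kind = "remote-url" if SCHEME_RE.match(value) else "local-path"
                hits.append((client, name, kind))
    return hits


if __name__ == "__main__":
    for hit in find_config_cascade_requests(SAMPLE_LOG):
        print(*hit)
```
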