CVE-2006-2878 — Executable Regular Expression Error in Dokuwiki

CWE-624 — Executable Regular Expression Error5 documents5 sources

Severity

7.5HIGHNVD

EPSS

4.4%

top 11.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dokuwiki Debian Dokuwiki Andreas Gohr Dokuwiki

Timeline

PublishedJun 7

Latest updateMay 1

Description

The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/dokuwiki< dokuwiki 0.0.20060309-4 (bookworm)

▶Debiandokuwiki/dokuwiki< 0.0.20060309-4+3

▶NVDandreas_gohr/dokuwikirelease_2006-06-04+26

Patches

Patch: bugs.splitbrain.org ↗Patch: secunia.com ↗Patch: www.hardened-php.net ↗

🔴Vulnerability Details

GHSA

GHSA-9h77-xrgv-4cw7: The spellchecker (spellcheck↗2022-05-01

▶

OSV

CVE-2006-2878: The spellchecker (spellcheck↗2006-06-07

▶

📋Vendor Advisories

Debian

CVE-2006-2878: dokuwiki - The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remo...↗2006

▶

📐Framework References

CWE

Executable Regular Expression Error↗

▶