CVE-2006-4674 — Static Code Injection in Dokuwiki

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.4%

top 19.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dokuwiki Debian Dokuwiki Andreas Gohr Dokuwiki

Timeline

PublishedSep 11

Latest updateMay 1

Description

Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/dokuwiki< dokuwiki 0.0.20060309-5.1 (bookworm)

▶Debiandokuwiki/dokuwiki< 0.0.20060309-5.1+3

▶NVDandreas_gohr/dokuwikirelease_2006-03-09+26

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-9w4q-8q9r-8876: Direct static code injection vulnerability in doku↗2022-05-01

▶

OSV

CVE-2006-4674: Direct static code injection vulnerability in doku↗2006-09-11

▶

📋Vendor Advisories

Debian

CVE-2006-4674: dokuwiki - Direct static code injection vulnerability in doku.php in DokuWiki before 2006-0...↗2006

▶