CVE-2006-5098 — Dokuwiki vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

1.1%

top 21.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dokuwiki Debian Dokuwiki Andreas Gohr Dokuwiki

Timeline

PublishedSep 29

Latest updateMay 1

Description

lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/dokuwiki< dokuwiki 0.0.20060309-5.2 (bookworm)

▶Debiandokuwiki/dokuwiki< 0.0.20060309-5.2+3

▶NVDandreas_gohr/dokuwikirelease_2006-03-05, release_2006-03-09, release_2006-03-09e+2

Patches

Patch: bugs.splitbrain.org ↗Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-pj84-qhh3-r2ch: lib/exec/fetch↗2022-05-01

▶

OSV

CVE-2006-5098: lib/exec/fetch↗2006-09-29

▶

📋Vendor Advisories

Debian

CVE-2006-5098: dokuwiki - lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cau...↗2006

▶