CVE-2006-5099 — Dokuwiki vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

2.6%

top 14.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dokuwiki Debian Dokuwiki Andreas Gohr Dokuwiki

Timeline

PublishedSep 29

Latest updateMay 1

Description

lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/dokuwiki< dokuwiki 0.0.20060309-5.2 (bookworm)

▶Debiandokuwiki/dokuwiki< 0.0.20060309-5.2+3

▶NVDandreas_gohr/dokuwikirelease_2006-03-05, release_2006-03-09, release_2006-03-09e+2

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: security.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-5rj4-cvcv-vxcw: lib/exec/fetch↗2022-05-01

▶

OSV

CVE-2006-5099: lib/exec/fetch↗2006-09-29

▶

📋Vendor Advisories

Debian

CVE-2006-5099: dokuwiki - lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is confi...↗2006

▶