CVE-2009-1960 in DokuWikiinfo

Summary

inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

06/06/2009

Disclosure

06/07/2009

CPE

ready

Exploit

Download

CVSS

9.8

EPSS

0.39038

Activities

Very Low

Sources

MITREhttps://www.cve.org/CVERecord?id=CVE-2009-1960
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2009-1960
CVE Detailshttps://www.cvedetails.com/cve/CVE-2009-1960/

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!