CVE-2009-1960

Published Jun 8, 2009

Last updated 4 days ago

CVSS info 9.3

Overview

Description: inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.
Source: cve@mitre.org
NVD status: Modified
Products: dokuwiki

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2009-02-14:*:*:*:*:*:*:*",
            "matchCriteriaId": "0C1517AA-3CF0-4B87-BC19-09D1E58EDFFF",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:rc2009-01-30:*:*:*:*:*:*:*",
            "matchCriteriaId": "3DB7EDB7-794F-4180-93B4-1C15D754F3B4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:rc2009-02-06:*:*:*:*:*:*:*",
            "matchCriteriaId": "71C079F7-4C88-4D24-9392-4BA7816DA6B5",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

Related CVEs

References