CVE-2009-1960

inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php.  NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Debian logo
Debian Releases
Debian Product
Codename
dokuwiki
bullseye
0.0.20180422.a-2.1
fixed
bookworm
0.0.20220731.a-2
fixed
sid
0.0.20220731.a-3
fixed
trixie
0.0.20220731.a-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dokuwiki
yakkety
not-affected
xenial
not-affected
wily
ignored
vivid
ignored
utopic
ignored
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
not-affected
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://bugs.splitbrain.org/index.php?do=details&task_id=1700
http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki%3Ba=commitdiff%3Bh=20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz
http://secunia.com/advisories/35218
http://www.securityfocus.com/bid/35095
https://www.exploit-db.com/exploits/8781
https://www.exploit-db.com/exploits/8812
http://bugs.splitbrain.org/index.php?do=details&task_id=1700
http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki%3Ba=commitdiff%3Bh=20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz
http://secunia.com/advisories/35218
http://www.securityfocus.com/bid/35095
https://www.exploit-db.com/exploits/8781
https://www.exploit-db.com/exploits/8812