Get Firefox
Get Firefox
MakePovertyHistory.org
MakePovertyHistory.org

Archive for April, 2005

You are currently browsing the havar.info weblog archives for April, 2005.

DokuWiki security hole fixed

Wednesday, April 13th, 2005 14:13:50 by Håvar Henriksen
Note: This is a retrospective post.

Todays Secunia Advisory is from a security hole in the DokuWiki software wich I reported about. :-)

Description:
Håvar Henriksen has reported a vulnerability in DokuWiki, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an input validation error in “media.php” where files with arbitrary file extensions can be uploaded inside the web root. This can e.g. be exploited to execute arbitrary PHP code.

Original advisory: http://bugs.splitbrain.org/index.php?do=details&id=247
Secunia Report in Danish: http://www.secunia.dk/advisories/14916/