HÃ¥var Henriksen has reported a vulnerability in DokuWiki, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an input validation error in “media.php” where files with arbitrary file extensions can be uploaded inside the web root. This can e.g. be exploited to execute arbitrary PHP code.
Original advisory: http://bugs.splitbrain.org/index.php?do=details&id=247
Secunia Report in Danish: http://www.secunia.dk/advisories/14916/