DokuWiki security hole fixed

Note: This is a retrospective post.

Todays Secunia Advisory is from a security hole in the DokuWiki software wich I reported about. :-)

Description:
HÃ¥var Henriksen has reported a vulnerability in DokuWiki, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an input validation error in “media.php” where files with arbitrary file extensions can be uploaded inside the web root. This can e.g. be exploited to execute arbitrary PHP code.

Original advisory: http://bugs.splitbrain.org/index.php?do=details&id=247
Secunia Report in Danish: http://www.secunia.dk/advisories/14916/

1 thought on “DokuWiki security hole fixed

Leave a Reply

Your email address will not be published.