Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2006-2878

The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.

Related bugs and status

CVE-2006-2878 (Candidate) is related to these bugs:

Bug #45887: Security update needed for all versions prior to 2006 March 9th

		In	Importance	Status
45887	Security update needed for all versions prior to 2006 March 9th	dokuwiki (Ubuntu)	Medium	Fix Released
45887	Security update needed for all versions prior to 2006 March 9th	dokuwiki (Ubuntu Breezy)	Medium	Invalid
45887	Security update needed for all versions prior to 2006 March 9th	dokuwiki (Ubuntu Dapper)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.hardened-ph...
SECUNIA: 20429
BID: 18289
SECTRACK: 1016221
GENTOO: GLSA-200606-16
SECUNIA: 20669
FULLDISC: 20060605 Advisory 04/2...
OSVDB: 25980
VUPEN: ADV-2006-2142
CONFIRM: http://bugs.splitbrain...
XF: dokuwiki-spellchecker-...
BUGTRAQ: 20060605 Advisory 04/2...