CVE-2009-1960

EPSS 39.0%

發布日:2009/6/8修改日:2026/5/27

描述

inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.

受影響套件(1)

Debian/dokuwikifrom 0, < 0.0.20090214b-1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-1960