Andreas Gohr: >> Dokuwiki Security Vulnerabilities
The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.
CVSS Score
7.5
EPSS Score
0.029
Published
2006-06-07
Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors relating to "handling EXIF data."
CVSS Score
4.3
EPSS Score
0.004
Published
2006-03-12
DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks.
CVSS Score
7.5
EPSS Score
0.007
Published
2004-12-31
DokuWiki before 2004-10-19, when used on a web server that permits execution based on file extension, allows remote attackers to execute arbitrary code by uploading a file with an appropriate extension such as ".php" or ".cgi".
CVSS Score
7.5
EPSS Score
0.024
Published
2004-12-31
Page 2