Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 6 Jun 2009 13:48:13 -0400 (EDT)
From: "Steven M. Christey" <>
Subject: Re: CVE id request: dokuwiki

Name: CVE-2009-1960
Status: Candidate
Reference: MILW0RM:8781
Reference: URL:
Reference: MILW0RM:8812
Reference: URL:
Reference: CONFIRM:
Reference: SECUNIA:35218
Reference: URL:

inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30,
when register_globals is enabled, allows remote attackers to include
and execute arbitrary local files via the
config_cascade[main][default][] parameter to doku.php.  NOTE: PHP
remote file inclusion is also possible in PHP 5 using ftp:// URLs.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.