Summary
This host is running DokuWiki and is prone to Local File Inclusion vulnerability.
Impact
Successful exploitation will allow attacker to include and execute arbitrary files from local and external resources, and can gain sensitive information about remote system directories when register_globals is enabled.
Impact level: Application/System
Solution
Upgarde to version 2009-02-14b or later.
http://www.dokuwiki.org/dokuwiki
Insight
The flaw is due to error in 'config_cascade[main][default][]' parameter in 'inc/init.php' is not properly verified before being used to include files to 'doku.php'.
Affected
DoKuWiki version prior to 2009-02-14b on Linux.
References
Severity
Classification
-
CVE CVE-2009-1960 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities