rgod has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "TARGET_FN" parameter in bin/dwpage.php is not properly sanitised before being used to copy files. This can be exploited via directory traversal attacks in combination with DokuWiki's file upload feature to execute arbitrary PHP code.
The vulnerability is confirmed in version 2006-03-09b. Other versions may also be affected.
Solution: Update to version 2006-03-09c and enable support for .htaccess files.
Provided and/or discovered by: rgod
Original Advisory: http://bugs.splitbrain.org/index.php?do=details&id=906
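The class of check whose absence the advisory describes, as an added PHP example (not DokuWiki's code and not the 2006-03-09c patch): a user-supplied copy destination is canonicalised and rejected unless it stays under an allowed base directory. The helper name `confine_target()` and the scratch directory used in the demo are assumptions made for illustration.

```php
<?php
// Added illustration; confine_target() is a hypothetical helper, not a DokuWiki function.

/**
 * Resolve $userPath against $baseDir and return the absolute destination,
 * or null if the result would fall outside $baseDir.
 */
function confine_target(string $baseDir, string $userPath): ?string
{
    // Empty names and embedded NUL bytes are never valid destinations.
    if ($userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // The destination file may not exist yet, so canonicalise its parent directory.
    $candidate = $base . DIRECTORY_SEPARATOR . $userPath;
    $parent = realpath(dirname($candidate));
    if ($parent === false) {
        return null;
    }
    // realpath() has collapsed ".." segments and symlinks: the parent must be
    // the base directory itself or a directory below it.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $inside = $parent === $base
        || strncmp($parent . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) === 0;
    $name = basename($candidate);
    if (!$inside || $name === '.' || $name === '..') {
        return null;
    }
    return $parent . DIRECTORY_SEPARATOR . $name;
}

// Constructed demo: a scratch directory stands in for the wiki's data directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'confine_demo_' . getmypid();
@mkdir($base . DIRECTORY_SEPARATOR . 'pages', 0700, true);

$inputs = ['pages/start.txt', '../outside.php', 'pages/../../outside.php', '/etc/passwd'];
foreach ($inputs as $in) {
    $out = confine_target($base, $in);
    printf("%-26s => %s\n", $in, $out === null ? 'REJECTED' : $out);
}
```

A caller would pass the returned path to `copy()` only when it is non-null; a web-reachable destination additionally needs its file extension restricted so that an uploaded file cannot be stored as a script.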