|
|
CVE Reference: CVE-2006-2878 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-2878 |
|
|
Description: The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/26913 ST 1016221 SAID Secunia Advisory: SA20429 Secunia Advisory: SA20669 OSVDB 25980 MISC http://www.hardened-php.net/advisory_042006.119.html GENTOO http://www.gentoo.org/security/en/glsa/glsa-200606-16.xml FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046602.html CONFIRM http://bugs.splitbrain.org/index.php?do=details&id=823 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/435989/100/0/threaded BID 18289 |
|
| Return to the previous page. |
