DokuWiki is vulnerable to shell command injection and Denial of Service attacks when using ImageMagick.
Package | www-apps/dokuwiki on all architectures |
---|---|
Affected versions | < 20060309e |
Unaffected versions | >= 20060309e |
DokuWiki is a wiki targeted at developer teams, workgroups and small companies. It does not use a database backend.
Input validation flaws have been discovered in the image handling of fetch.php if ImageMagick is used, which is not the default method.
A remote attacker could exploit the flaws to execute arbitrary shell commands with the rights of the web server daemon or cause a Denial of Service.
There is no known workaround at this time.
All DokuWiki users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20060309e"
Release date
September 28, 2006
Latest revision
December 13, 2006: 02
Severity
high
Exploitable
remote
Bugzilla entries