DokuWiki: PHP code injection — GLSA 200606-16

A flaw in DokuWiki's spell checker allows for the execution of arbitrary PHP commands, even without proper authentication.

Affected Packages

www-apps/dokuwiki on all architectures
Affected versions < 20060309-r1
Unaffected versions >= 20060309-r1

Background

DokuWiki is a simple to use wiki targeted at developer teams, workgroups and small companies.

Description

Stefan Esser discovered that the DokuWiki spell checker fails to properly sanitize PHP's "complex curly syntax".

Impact

A unauthenticated remote attacker may execute arbitrary PHP commands - and thus possibly arbitrary system commands - with the permissions of the user running the webserver that serves DokuWiki pages.

Workaround

There is no known workaround at this time.

Resolution

All DokuWiki users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20060309-r1"

References

Release Date
June 14, 2006

Latest Revision
June 14, 2006: 01

Severity
high

Exploitable
remote

Bugzilla entries