CVE-2006-4674

Published Sep 11, 2006

Last updated 6 years ago

Overview

Description: Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: -
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC7FA4BC-8AAC-401E-AAF9-AD82A846DDB6",
            "versionEndIncluding": "release_2006-03-09"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FFB3CD9-5B04-4200-87CF-F1B65902D0B0"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84F5F7BA-00EF-4ACB-A8BA-0CD06A9ABB44"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63EDDA58-22F6-456A-986D-6A58FD818F5D"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C907D889-8DD7-4542-A74E-C318271E5812"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46E98CDA-E813-427A-944A-2A768F075021"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-08:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E589DA1C-7428-48A3-A115-3168F99584E6"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-15a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B197CF8-3729-414F-8BAA-BC709DEAA140"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5470BA9-F1F1-484B-B4D2-328D98483D55"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43D11132-69EC-40DD-9D62-CC2B7DF7C344"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDCFDB3E-AB07-4E4C-A065-617A39505EB9"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4A4E1DB-705A-4FD8-913B-D43C4E9117A3"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-10-19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBFD529E-86A6-43A0-AF97-ADD7C8C2BAFC"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-11-01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A2330E8-22BA-45AD-841B-4230CEED6A20"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-11-02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DD67EB1-A54F-44CC-ACE6-3D5ADA3F473F"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-11-10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47324B2B-AA17-4714-9DFC-FC5C0CF9D452"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-01-14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A14882F1-2073-4DF4-8ECD-D4B9C39EAA03"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-01-15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6FE154F-A880-4053-AA65-C02DD9AA1BC5"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-01-16a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "151742B9-2357-4A12-B839-09ADDF30E61F"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-02-06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0296920B-64B6-4492-8B54-D11F8CFA7F58"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-02-18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9E00178-D993-479A-BBC8-8AD9BDF69129"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-05-07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BFB944D-FA24-4B9C-8543-656CFDB6163A"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-07-01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11872728-EE8D-4E4B-9E2F-C658905B5045"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-07-13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56F542C2-7808-42AD-9A20-85BBBFD27DFF"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-09-19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4277D9B-E1FF-4285-A766-993B1C38CB42"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-09-22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6A781BA-0949-456E-A529-9CA157CD3F33"
          },
          {
            "criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "246EE1AA-8C74-48F7-8E7D-9668933C7D3B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References