PT-2004-3451 · Dokuwiki · Dokuwiki

Published

2004-12-31

Updated

2017-07-11

CVE-2004-2560

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions DokuWiki versions prior to 2004-10-19

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an appropriate extension, such as .php or .cgi, when used on a web server that permits execution based on file extension.

Recommendations For versions prior to 2004-10-19, update to a version released after 2004-10-19 to resolve the issue. As a temporary workaround, consider restricting file uploads or disabling execution based on file extension on the web server.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-2560

Affected Products

Dokuwiki

PT-2004-3451 · Dokuwiki · Dokuwiki

CVE-2004-2560

Related Identifiers

Affected Products

References · 6