PT-2007-1245 · Dokuwiki · Dokuwiki

Published: 2007-01-29 · Updated: 2017-07-29 · CVE-2006-6965

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: DokuWiki versions prior to 2006-03-09e
Description: A CRLF injection issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. This issue can also be leveraged for XSS attacks.
Recommendations: For versions prior to 2006-03-09e, update to a version that includes the fix for this issue to prevent CRLF injection and potential XSS attacks.


Related Identifiers

CVE-2006-6965

Affected Products

Dokuwiki