Executive Summary

Information
Name : CVE-2006-2878
First vendor Publication : 2006-06-06
Vendor : Cve
Last vendor Modification : 2018-10-18

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score : 7.5
Cvss Impact Score : 6.4
Cvss Exploit Score : 10
Attack Range : Network
Attack Complexity : Low
Authentication : None Required

Security Protection

Impacts : Provides unauthorized access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2878

CWE : Common Weakness Enumeration

% | id | Name

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 29

OpenVAS Exploits

Date | Description
2008-09-24 | Name : Gentoo Security Advisory GLSA 200606-16 (DokuWiki)
           | File : nvt/glsa_200606_16.nasl
2008-09-04 | Name : FreeBSD Ports: dokuwiki
           | File : nvt/freebsd_dokuwiki.nasl

Open Source Vulnerability Database (OSVDB)

id | Description
25980 | DokuWiki Spell Checker Embedded Link Arbitrary PHP Code Execution

Nessus® Vulnerability Scanner

Date | Description
2006-06-16 | Name : The remote Gentoo host is missing one or more security-related patches.
           | File : gentoo_GLSA-200606-16.nasl - Type : ACT_GATHER_INFO
2006-06-06 | Name : The remote web server contains a PHP application that is affected by an arbit...
           | File : dokuwiki_spellcheck_cmd_exec.nasl - Type : ACT_ATTACK

Sources (Detail)

Source | Url
BID | http://www.securityfocus.com/bid/18289
BUGTRAQ | http://www.securityfocus.com/archive/1/435989/100/0/threaded
CONFIRM | http://bugs.splitbrain.org/index.php?do=details&id=823
FULLDISC | http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046602.html
GENTOO | http://www.gentoo.org/security/en/glsa/glsa-200606-16.xml
MISC | http://www.hardened-php.net/advisory_042006.119.html
SECTRACK | http://securitytracker.com/id?1016221
VUPEN | http://www.vupen.com/english/advisories/2006/2142
XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/26913

Alert History

Date | Information
2018-10-18 21:20:11 | Multiple Updates
2017-07-20 09:23:39 | Multiple Updates
2016-06-28 15:49:05 | Multiple Updates
2016-04-26 14:43:10 | Multiple Updates
2014-02-17 10:36:07 | Multiple Updates
2013-05-11 10:59:40 | Multiple Updates