DokuWiki config_cascade Parameter Remote File Inclusion

medium Nessus Plugin ID 38926

Synopsis

The remote web server contains PHP script that is affected by a remote file include vulnerability.

Description

The remote installation of DokuWiki fails to sanitize user input to the 'config_cascade' parameter array before using it in 'inc/init.php' to include PHP code. Provided PHP's 'register_globals' setting is enabled, an attacker can leverage this flaw to view files on the local host or to execute arbitrary PHP code, possibly taken from third-party hosts.

Solution

Either disable PHP's 'register_globals' setting or upgrade to DokuWiki 2009-02-14b or later.

See Also

http://bugs.splitbrain.org/index.php?do=details&task_id=1700

Plugin Details

Severity: Medium

ID: 38926

File Name: dokuwiki_config_cascade_rfi.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 5/27/2009

Updated: 6/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/dokuwiki

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2009-1960

BID: 35095

CWE: 94

Secunia: 35218