FreeBSD : dokuwiki -- Local File Inclusion with register_globals on (4f838b74-50a1-11de-b01f-001c2514716c)

high Nessus Plugin ID 39315

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

DokuWiki reports:

A security hole was discovered which allows an attacker to include arbitrary files located on the attacked DokuWiki installation. The included file is executed in the PHP context. This can be escalated by introducing malicious code through uploading a file via the media manager or placing PHP code in editable pages.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?a3473275

http://www.nessus.org/u?2122256d

Plugin Details

Severity: High

ID: 39315

File Name: freebsd_pkg_4f838b7450a111deb01f001c2514716c.nasl

Version: 1.13

Type: local

Published: 6/5/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:dokuwiki, p-cpe:/a:freebsd:freebsd:dokuwiki-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/4/2009

Vulnerability Publication Date: 5/26/2009

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2009-1960

CWE: 94