Описание
lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 0.0.20050922-4ubuntu1.1 |
| devel | released | 0.0.20060309-5.2 |
| edgy | ignored | end of life, was needed |
| feisty | released | 0.0.20060309-5.2 |
| gutsy | released | 0.0.20060309-5.2 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS2
Связанные уязвимости
lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.
lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert ...
lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.
EPSS
7.5 High
CVSS2