CVE-2009-1960
- Source
- https://cve.org/CVERecord?id=CVE-2009-1960
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2009-1960.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2009-1960
- Downstream
- Published
- 2009-06-08T01:00:00Z
- Modified
- 2026-04-10T03:40:48.437180Z
- Summary
- [none]
- Details
-
inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when registerglobals is enabled, allows remote attackers to include and execute arbitrary local files via the configcascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.
- References
-
- http://secunia.com/advisories/35218
- http://bugs.splitbrain.org/index.php?do=details&task_id=1700
- http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki%3Ba=commitdiff%3Bh=20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz
- http://www.securityfocus.com/bid/35095
- https://www.exploit-db.com/exploits/8781
- https://www.exploit-db.com/exploits/8812