Vulnerabilities > CVE-2004-2560 - Remote Arbitrary File Upload vulnerability in DokuWiki

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

andreas-gohr

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

DokuWiki before 2004-10-19, when used on a web server that permits execution based on file extension, allows remote attackers to execute arbitrary code by uploading a file with an appropriate extension such as ".php" or ".cgi".

Vulnerable Configurations

Part	Description	Count
Application	Andreas_Gohr Andreas Gohr Dokuwiki Release_2004-07-04 Andreas Gohr Dokuwiki Release_2004-07-07 Andreas Gohr Dokuwiki Release_2004-07-12 Andreas Gohr Dokuwiki Release_2004-07-21 Andreas Gohr Dokuwiki Release_2004-07-25 Andreas Gohr Dokuwiki Release_2004-08-08 Andreas Gohr Dokuwiki Release_2004-08-15A Andreas Gohr Dokuwiki Release_2004-08-22 Andreas Gohr Dokuwiki Release_2004-09-12 Andreas Gohr Dokuwiki Release_2004-09-25 Andreas Gohr Dokuwiki Release_2004-09-30	11

Summary

Vulnerable Configurations

References