NVD Vulnerability Detail

CVE-2006-2878

Summary	The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.
Publication Date	June 7, 2006, 9:02 a.m.
Registration Date	Jan. 29, 2021, 3:39 p.m.
Last Update	Oct. 19, 2018, 1:43 a.m.

CVSS2.0 : HIGH
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-04:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-07:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-12:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-21:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-25:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-08:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-15a:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-22:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-12:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-25:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-30:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-10-19:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-11-01:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-11-02:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-11-10:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-01-14:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-01-15:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-01-16a:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-02-06:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-02-18:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-05-07:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-07-01:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-07-13:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-09-19:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-09-22:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-05:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki::::::::		release_2006-06-04

Related information, measures and tools

No	URL	refsource	タグ
1	http://bugs.splitbrain.org/index.php?do=details&id=823	CONFIRM	Patch
2	http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046602.html	FULLDISC
3	http://secunia.com/advisories/20429	SECUNIA	Patch Vendor Advisory
4	http://secunia.com/advisories/20669	SECUNIA	Vendor Advisory
5	http://securitytracker.com/id?1016221	SECTRACK
6	http://www.gentoo.org/security/en/glsa/glsa-200606-16.xml	GENTOO
7	http://www.hardened-php.net/advisory_042006.119.html	MISC	Patch Vendor Advisory
8	http://www.osvdb.org/25980	OSVDB
9	http://www.securityfocus.com/archive/1/435989/100/0/threaded	BUGTRAQ
10	http://www.securityfocus.com/bid/18289	BID
11	http://www.vupen.com/english/advisories/2006/2142	VUPEN
12	https://exchange.xforce.ibmcloud.com/vulnerabilities/26913	XF

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-04:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-07:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-12:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-21:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-25:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-08:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-15a:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-22:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-12:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-25:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-30:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-10-19:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-11-01:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-11-02:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-11-10:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-01-14:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-01-15:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-01-16a:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-02-06:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-02-18:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-05-07:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-07-01:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-07-13:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-09-19:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-09-22:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-05:::::::*
cpe:2.3:a:andreas_gohr:dokuwiki::::::::		release_2006-06-04