CVE-2006-2878

CVSS 7.5 - HIGH

Description

The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.

Affected Products

Vendor	Product	Version
andreas_gohr	dokuwiki	`All versions`
andreas_gohr	dokuwiki	`release_2004-07-04`
andreas_gohr	dokuwiki	`release_2004-07-07`
andreas_gohr	dokuwiki	`release_2004-07-12`
andreas_gohr	dokuwiki	`release_2004-07-21`
andreas_gohr	dokuwiki	`release_2004-07-25`
andreas_gohr	dokuwiki	`release_2004-08-08`
andreas_gohr	dokuwiki	`release_2004-08-15a`
andreas_gohr	dokuwiki	`release_2004-08-22`
andreas_gohr	dokuwiki	`release_2004-09-12`
andreas_gohr	dokuwiki	`release_2004-09-25`
andreas_gohr	dokuwiki	`release_2004-09-30`
andreas_gohr	dokuwiki	`release_2004-10-19`
andreas_gohr	dokuwiki	`release_2004-11-01`
andreas_gohr	dokuwiki	`release_2004-11-02`
andreas_gohr	dokuwiki	`release_2004-11-10`
andreas_gohr	dokuwiki	`release_2005-01-14`
andreas_gohr	dokuwiki	`release_2005-01-15`
andreas_gohr	dokuwiki	`release_2005-01-16a`
andreas_gohr	dokuwiki	`release_2005-02-06`
andreas_gohr	dokuwiki	`release_2005-02-18`
andreas_gohr	dokuwiki	`release_2005-05-07`
andreas_gohr	dokuwiki	`release_2005-07-01`
andreas_gohr	dokuwiki	`release_2005-07-13`
andreas_gohr	dokuwiki	`release_2005-09-19`
andreas_gohr	dokuwiki	`release_2005-09-22`
andreas_gohr	dokuwiki	`release_2006-03-05`