CVE-2006-5099 - OpenCVE

lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Andreas Gohr	Dokuwiki

Configuration 1 [-]

OR	cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-05:::::::*
	cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-09:::::::*
	cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-09e:::::::*

References

Link	Resource
http://bugs.splitbrain.org/?do=details&id=926	Exploit
http://secunia.com/advisories/22192	Patch Vendor Advisory
http://secunia.com/advisories/22199	Patch Vendor Advisory
http://security.gentoo.org/glsa/glsa-200609-20.xml	Patch
http://www.vupen.com/english/advisories/2006/3851

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-09-29T23:00:00

Updated: 2006-10-05T09:00:00

Reserved: 2006-09-29T00:00:00

Link: CVE-2006-5099

JSON object: View

NVD Information

Status : Modified

Published: 2006-09-29T23:07:00.000

Modified: 2011-03-08T02:42:34.143

Link: CVE-2006-5099

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-09-26T00:00:00", "descriptions": [{"lang": "en", "value": "lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-10-05T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.splitbrain.org/?do=details&id=926"}, {"name": "ADV-2006-3851", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3851"}, {"name": "GLSA-200609-20", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200609-20.xml"}, {"name": "22192", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22192"}, {"name": "22199", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22199"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5099", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://bugs.splitbrain.org/?do=details&id=926", "refsource": "CONFIRM", "url": "http://bugs.splitbrain.org/?do=details&id=926"}, {"name": "ADV-2006-3851", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3851"}, {"name": "GLSA-200609-20", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200609-20.xml"}, {"name": "22192", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22192"}, {"name": "22199", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22199"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5099", "datePublished": "2006-09-29T23:00:00", "dateReserved": "2006-09-29T00:00:00", "dateUpdated": "2006-10-05T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-05:*:*:*:*:*:*:*", "matchCriteriaId": "246EE1AA-8C74-48F7-8E7D-9668933C7D3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-09:*:*:*:*:*:*:*", "matchCriteriaId": "00333DC7-F62E-4683-9A8E-10DF0E852D9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-09e:*:*:*:*:*:*:*", "matchCriteriaId": "8218DCEE-59EC-4BDC-A7B2-835568443B63", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert."}, {"lang": "es", "value": "lib/exec/fetch.php en DokuWiki anterior a 09/03/2006, cuando se configura conf[imconvert] para usar ImageMagick, permite a un atacante remoto ejecutar comandos de su elecci\u00f3n a trav\u00e9s de los metacaracteres del interprete de comandos en los par\u00e1metros (1)w y (2) h, los cuales no fueron filtrados cuando se invoc\u00f3 la conversi\u00f3n."}], "id": "CVE-2006-5099", "lastModified": "2011-03-08T02:42:34.143", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-09-29T23:07:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://bugs.splitbrain.org/?do=details&id=926"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/22192"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/22199"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://security.gentoo.org/glsa/glsa-200609-20.xml"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3851"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}