Unrated severityNVD Advisory· Published Sep 29, 2006· Updated Jun 16, 2026

CVE-2006-5099

Description

lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Dokuwiki/Dokuwiki4 versions
cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-05:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-05:*:*:*:*:*:*:*
- cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-09:*:*:*:*:*:*:*
- cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-09e:*:*:*:*:*:*:*
- (no CPE)range: <2006-03-09e

Patches

Vulnerability mechanics

References

secunia.com/advisories/22192nvdPatchVendor Advisory
secunia.com/advisories/22199nvdPatchVendor Advisory
security.gentoo.org/glsa/glsa-200609-20.xmlnvdPatch
bugs.splitbrain.orgnvdExploit
www.vupen.com/english/advisories/2006/3851nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000