Unrated severityNVD Advisory· Published Jun 8, 2009· Updated Apr 23, 2026

CVE-2009-1960

Description

inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.

Affected products

Dokuwiki/Dokuwiki3 versions
cpe:2.3:a:dokuwiki:dokuwiki:2009-02-14:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:dokuwiki:dokuwiki:2009-02-14:*:*:*:*:*:*:*
- cpe:2.3:a:dokuwiki:dokuwiki:rc2009-01-30:*:*:*:*:*:*:*
- cpe:2.3:a:dokuwiki:dokuwiki:rc2009-02-06:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.splitbrain.org/index.phpnvdPatch
secunia.com/advisories/35218nvdVendor Advisory
dev.splitbrain.org/darcsweb/darcsweb.cginvd
www.securityfocus.com/bid/35095nvd
www.exploit-db.com/exploits/8781nvd
www.exploit-db.com/exploits/8812nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.031
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000