VYPR
Unrated severityNVD Advisory· Published Jun 8, 2009· Updated Jun 16, 2026

CVE-2009-1960

CVE-2009-1960

Description

inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Dokuwiki/Dokuwiki3 versions
    cpe:2.3:a:dokuwiki:dokuwiki:2009-02-14:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:dokuwiki:dokuwiki:2009-02-14:*:*:*:*:*:*:*
    • cpe:2.3:a:dokuwiki:dokuwiki:rc2009-01-30:*:*:*:*:*:*:*
    • cpe:2.3:a:dokuwiki:dokuwiki:rc2009-02-06:*:*:*:*:*:*:*
  • Range: 2009-02-14, rc2009-02-06, rc2009-01-30

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.