What is the severity of CVE-2006-2878?

CVE-2006-2878 is considered a critical vulnerability as it allows remote attackers to execute arbitrary PHP code.

How do I fix CVE-2006-2878?

To fix CVE-2006-2878, upgrade DokuWiki to a version released after 2006-06-04, or patch the spellcheck.php file to remove the vulnerable regex handling.

What versions of DokuWiki are affected by CVE-2006-2878?

CVE-2006-2878 affects DokuWiki versions up to and including 2006-06-04 and several earlier versions.

What are the implications of CVE-2006-2878 on my DokuWiki installation?

Exploitation of CVE-2006-2878 could lead to unauthorized access and control over the server running DokuWiki.

Can I identify if my system is vulnerable to CVE-2006-2878?

You can identify if your system is vulnerable to CVE-2006-2878 by checking the DokuWiki version and examining the spellcheck.php code for the presence of the /e modifier in regex functions.

Vulnerability/
CVE-2006-2878

high

7.5

CWE

NVD-CWE-Other

7/6/2006

7/8/2024

CVE-2006-2878

First published: Wed Jun 07 2006(Updated: )

The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
DokuWiki	<=release_2006-06-04
DokuWiki	=release_2004-07-04
DokuWiki	=release_2004-07-07
DokuWiki	=release_2004-07-12
DokuWiki	=release_2004-07-21
DokuWiki	=release_2004-07-25
DokuWiki	=release_2004-08-08
DokuWiki	=release_2004-08-15a
DokuWiki	=release_2004-08-22
DokuWiki	=release_2004-09-12
DokuWiki	=release_2004-09-25
DokuWiki	=release_2004-09-30
DokuWiki	=release_2004-10-19
DokuWiki	=release_2004-11-01
DokuWiki	=release_2004-11-02
DokuWiki	=release_2004-11-10
DokuWiki	=release_2005-01-14
DokuWiki	=release_2005-01-15
DokuWiki	=release_2005-01-16a
DokuWiki	=release_2005-02-06
DokuWiki	=release_2005-02-18
DokuWiki	=release_2005-05-07
DokuWiki	=release_2005-07-01
DokuWiki	=release_2005-07-13
DokuWiki	=release_2005-09-19
DokuWiki	=release_2005-09-22
DokuWiki	=release_2006-03-05

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-2878?
CVE-2006-2878 is considered a critical vulnerability as it allows remote attackers to execute arbitrary PHP code.
How do I fix CVE-2006-2878?
To fix CVE-2006-2878, upgrade DokuWiki to a version released after 2006-06-04, or patch the spellcheck.php file to remove the vulnerable regex handling.
What versions of DokuWiki are affected by CVE-2006-2878?
CVE-2006-2878 affects DokuWiki versions up to and including 2006-06-04 and several earlier versions.
What are the implications of CVE-2006-2878 on my DokuWiki installation?
Exploitation of CVE-2006-2878 could lead to unauthorized access and control over the server running DokuWiki.
Can I identify if my system is vulnerable to CVE-2006-2878?
You can identify if your system is vulnerable to CVE-2006-2878 by checking the DokuWiki version and examining the spellcheck.php code for the presence of the /e modifier in regex functions.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/author
agent/remedy
agent/weakness
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/andreas gohr
product/dokuwiki
canonical/andreas gohr dokuwiki
canonical/dokuwiki
version/dokuwiki/release_2006-06-04
version/dokuwiki/release_2004-07-04
version/dokuwiki/release_2004-07-07
version/dokuwiki/release_2004-07-12
version/dokuwiki/release_2004-07-21
version/dokuwiki/release_2004-07-25
version/dokuwiki/release_2004-08-08
version/dokuwiki/release_2004-08-15a
version/dokuwiki/release_2004-08-22
version/dokuwiki/release_2004-09-12
version/dokuwiki/release_2004-09-25
version/dokuwiki/release_2004-09-30
version/dokuwiki/release_2004-10-19
version/dokuwiki/release_2004-11-01
version/dokuwiki/release_2004-11-02
version/dokuwiki/release_2004-11-10
version/dokuwiki/release_2005-01-14
version/dokuwiki/release_2005-01-15
version/dokuwiki/release_2005-01-16a
version/dokuwiki/release_2005-02-06
version/dokuwiki/release_2005-02-18
version/dokuwiki/release_2005-05-07
version/dokuwiki/release_2005-07-01
version/dokuwiki/release_2005-07-13
version/dokuwiki/release_2005-09-19
version/dokuwiki/release_2005-09-22
version/dokuwiki/release_2006-03-05

Frequently Asked Questions

What is the severity of CVE-2006-2878?
CVE-2006-2878 is considered a critical vulnerability as it allows remote attackers to execute arbitrary PHP code.
How do I fix CVE-2006-2878?
To fix CVE-2006-2878, upgrade DokuWiki to a version released after 2006-06-04, or patch the spellcheck.php file to remove the vulnerable regex handling.
What versions of DokuWiki are affected by CVE-2006-2878?
CVE-2006-2878 affects DokuWiki versions up to and including 2006-06-04 and several earlier versions.
What are the implications of CVE-2006-2878 on my DokuWiki installation?
Exploitation of CVE-2006-2878 could lead to unauthorized access and control over the server running DokuWiki.
Can I identify if my system is vulnerable to CVE-2006-2878?
You can identify if your system is vulnerable to CVE-2006-2878 by checking the DokuWiki version and examining the spellcheck.php code for the presence of the /e modifier in regex functions.

CVE-2006-2878

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-2878?

How do I fix CVE-2006-2878?

What versions of DokuWiki are affected by CVE-2006-2878?

What are the implications of CVE-2006-2878 on my DokuWiki installation?

Can I identify if my system is vulnerable to CVE-2006-2878?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2006-2878?

How do I fix CVE-2006-2878?

What versions of DokuWiki are affected by CVE-2006-2878?

What are the implications of CVE-2006-2878 on my DokuWiki installation?

Can I identify if my system is vulnerable to CVE-2006-2878?