CVE-2006-5099

Publication date 29 September 2006

Last updated 24 July 2024


Ubuntu priority

lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.

Status

Package Ubuntu Release Status
dokuwiki 7.10 gutsy
Fixed 0.0.20060309-5.2
7.04 feisty
Fixed 0.0.20060309-5.2
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper
Fixed 0.0.20050922-4ubuntu1.1