CVE-2008-5186

Publication date 21 November 2008

Last updated 4 August 2025

Ubuntu priority

Description

The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path

Status

Show unmaintained releases

Package	Ubuntu Release	Status
dokuwiki	11.10 oneiric	Not affected
	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Ignored end of life
	7.10 gutsy	Ignored end of life, was needs-triage
	6.06 LTS dapper	Ignored end of life
geshi	11.10 oneiric	Not affected
	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Ignored end of life
	7.10 gutsy	Ignored end of life, was needs-triage
	6.06 LTS dapper	Not in release
pgfouine	11.10 oneiric	Not affected
	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Ignored end of life
	7.10 gutsy	Ignored end of life, was needs-triage
	6.06 LTS dapper	Not in release

References

Other references

https://www.cve.org/CVERecord?id=CVE-2008-5186