Secunia reports:
rgod has discovered a vulnerability in DokuWiki, which can
be exploited by malicious people to compromise a vulnerable
system.

Input passed to the "TARGET_FN" parameter in
bin/dwpage.php is not properly sanitised before being used
to copy files. This can be exploited via directory
traversal attacks in combination with DokuWiki's file
upload feature to execute arbitrary PHP code.

CVE Mitre reports:
Direct static code injection vulnerability in doku.php in
DokuWiki before 2006-03-09c allows remote attackers to
execute arbitrary PHP code via the X-FORWARDED-FOR HTTP
header, which is stored in config.php.

Unrestricted file upload vulnerability in
lib/exe/media.php in DokuWiki before 2006-03-09c allows
remote attackers to upload executable files into the
data/media folder via unspecified vectors.

DokuWiki before 2006-03-09c enables the debug feature by
default, which allows remote attackers to obtain sensitive
information by calling doku.php with the X-DOKUWIKI-DO HTTP
header set to "debug".