{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T16:06:02.455","vulnerabilities":[{"cve":{"id":"CVE-2006-4674","sourceIdentifier":"cve@mitre.org","published":"2006-09-11T17:04:00.000","lastModified":"2026-04-16T00:27:16.627","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php."},{"lang":"es","value":"Vulnerabilidad de inyección de código estático directo en doku.php en DokuWiki anterior a 30/09/2006 permite a un atacante remoto ejecutar código PHP de su elección a través de la cabecera X-FORWARDED-FOR HTTP, la cual está almancenada en config.php."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:*:*:*:*:*:*:*:*","versionEndIncluding":"release_2006-03-09","matchCriteriaId":"CC7FA4BC-8AAC-401E-AAF9-AD82A846DDB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-04:*:*:*:*:*:*:*","matchCriteriaId":"7FFB3CD9-5B04-4200-87CF-F1B65902D0B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-07:*:*:*:*:*:*:*","matchCriteriaId":"84F5F7BA-00EF-4ACB-A8BA-0CD06A9ABB44"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-12:*:*:*:*:*:*:*","matchCriteriaId":"63EDDA58-22F6-456A-986D-6A58FD818F5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-21:*:*:*:*:*:*:*","matchCriteriaId":"C907D889-8DD7-4542-A74E-C318271E5812"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-25:*:*:*:*:*:*:*","matchCriteriaId":"46E98CDA-E813-427A-944A-2A768F075021"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-08:*:*:*:*:*:*:*","matchCriteriaId":"E589DA1C-7428-48A3-A115-3168F99584E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-15a:*:*:*:*:*:*:*","matchCriteriaId":"2B197CF8-3729-414F-8BAA-BC709DEAA140"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-22:*:*:*:*:*:*:*","matchCriteriaId":"E5470BA9-F1F1-484B-B4D2-328D98483D55"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-12:*:*:*:*:*:*:*","matchCriteriaId":"43D11132-69EC-40DD-9D62-CC2B7DF7C344"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-25:*:*:*:*:*:*:*","matchCriteriaId":"EDCFDB3E-AB07-4E4C-A065-617A39505EB9"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-30:*:*:*:*:*:*:*","matchCriteriaId":"E4A4E1DB-705A-4FD8-913B-D43C4E9117A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-10-19:*:*:*:*:*:*:*","matchCriteriaId":"CBFD529E-86A6-43A0-AF97-ADD7C8C2BAFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-11-01:*:*:*:*:*:*:*","matchCriteriaId":"3A2330E8-22BA-45AD-841B-4230CEED6A20"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-11-02:*:*:*:*:*:*:*","matchCriteriaId":"7DD67EB1-A54F-44CC-ACE6-3D5ADA3F473F"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-11-10:*:*:*:*:*:*:*","matchCriteriaId":"47324B2B-AA17-4714-9DFC-FC5C0CF9D452"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-01-14:*:*:*:*:*:*:*","matchCriteriaId":"A14882F1-2073-4DF4-8ECD-D4B9C39EAA03"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-01-15:*:*:*:*:*:*:*","matchCriteriaId":"F6FE154F-A880-4053-AA65-C02DD9AA1BC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-01-16a:*:*:*:*:*:*:*","matchCriteriaId":"151742B9-2357-4A12-B839-09ADDF30E61F"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-02-06:*:*:*:*:*:*:*","matchCriteriaId":"0296920B-64B6-4492-8B54-D11F8CFA7F58"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-02-18:*:*:*:*:*:*:*","matchCriteriaId":"D9E00178-D993-479A-BBC8-8AD9BDF69129"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-05-07:*:*:*:*:*:*:*","matchCriteriaId":"5BFB944D-FA24-4B9C-8543-656CFDB6163A"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-07-01:*:*:*:*:*:*:*","matchCriteriaId":"11872728-EE8D-4E4B-9E2F-C658905B5045"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-07-13:*:*:*:*:*:*:*","matchCriteriaId":"56F542C2-7808-42AD-9A20-85BBBFD27DFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-09-19:*:*:*:*:*:*:*","matchCriteriaId":"D4277D9B-E1FF-4285-A766-993B1C38CB42"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2005-09-22:*:*:*:*:*:*:*","matchCriteriaId":"E6A781BA-0949-456E-A529-9CA157CD3F33"},{"vulnerable":true,"criteria":"cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-05:*:*:*:*:*:*:*","matchCriteriaId":"246EE1AA-8C74-48F7-8E7D-9668933C7D3B"}]}]}],"references":[{"url":"http://bugs.splitbrain.org/index.php?do=details&id=906","source":"cve@mitre.org"},{"url":"http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://secunia.com/advisories/21819","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://secunia.com/advisories/21936","source":"cve@mitre.org"},{"url":"http://security.gentoo.org/glsa/glsa-200609-10.xml","source":"cve@mitre.org"},{"url":"http://securityreason.com/securityalert/1537","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/445516/100/0/threaded","source":"cve@mitre.org"},{"url":"http://bugs.splitbrain.org/index.php?do=details&id=906","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://secunia.com/advisories/21819","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://secunia.com/advisories/21936","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://security.gentoo.org/glsa/glsa-200609-10.xml","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://securityreason.com/securityalert/1537","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/445516/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"}],"evaluatorSolution":"Successful exploitation requires that \"register_argc_argv\" is enabled, which is the default setting.\r\nThis vulnerability is addressed in the following product release:\r\nAndreas Gohr, DokuWiki, 2006-03-09c"}}]}