CVE-2006-5099

Publication date 29 September 2006

Last updated 24 July 2024

Ubuntu priority

lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
dokuwiki	7.10 gutsy	Fixed 0.0.20060309-5.2
	7.04 feisty	Fixed 0.0.20060309-5.2
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Fixed 0.0.20050922-4ubuntu1.1

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2006-5099