Arbitrary Web Script Execution via Default File Type Whitelist in DokuWiki Media Manager
CVE-2014-9253 · MEDIUM Severity
CVSS v2 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.
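A defender can check a deployed whitelist for the entry this advisory describes. The script below is an added example, not DokuWiki's code or part of the original advisory. It assumes the `conf/mime.conf` layout of one `extension mimetype` pair per line, `#` comments, and a `!` prefix on the MIME type meaning forced download; the sample file, function names and the `RISKY_EXTS` set are constructed for illustration.

```python
# Added example: audit a DokuWiki-style MIME whitelist for SWF entries.
RISKY_EXTS = {"swf"}  # the type named in CVE-2014-9253; extend per local policy

SAMPLE_MIME_CONF = """\
# constructed sample for this example, not the file shipped with DokuWiki
jpg     image/jpeg
png     image/png
pdf     application/pdf
swf     application/x-shockwave-flash
zip     !application/zip
"""


def parse_mime_conf(text):
    """Yield (line_no, ext, mimetype, forced_download) for each active entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip comments and blank lines
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # empty or malformed line: nothing is whitelisted by it
        ext, mime = parts[0].lower(), parts[1].strip()
        yield line_no, ext, mime.lstrip("!"), mime.startswith("!")


def audit(text, risky=RISKY_EXTS):
    """Return one finding per whitelisted extension in the risky set."""
    return [
        {"line": n, "ext": ext, "mime": mime,
         "served": "download" if forced else "inline"}
        for n, ext, mime, forced in parse_mime_conf(text)
        if ext in risky
    ]


def harden(text, risky=RISKY_EXTS):
    """Return the config with risky entries commented out, others untouched."""
    flagged = {f["line"] for f in audit(text, risky)}
    return "\n".join(
        "# disabled: " + raw if n in flagged else raw
        for n, raw in enumerate(text.splitlines(), start=1)
    ) + "\n"


if __name__ == "__main__":
    for finding in audit(SAMPLE_MIME_CONF):
        print("whitelisted active content:", finding)
    print(harden(SAMPLE_MIME_CONF))
```

An empty result from `audit()` on the live file means the SWF entry is no longer whitelisted; a finding with `served` set to `inline` is the configuration the advisory describes.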