CVE-2009-1960

DokuWiki 2009-02-14, rc2009-02-06, rc2009-01-30 - Remote Code Execution via config_cascade Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-1960. PoCs published by Nine:Situations:Group, girex.

AI-analyzed exploit summary: This exploit demonstrates remote and temporary file inclusion vulnerabilities in DokuWiki 2009-02-14. It leverages PHP's FTP wrapper and file upload mechanisms to achieve remote code execution (RCE) by manipulating the `config_cascade` parameter.

Description

inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Nine:Situations:Group · text · webapps · php
https://www.exploit-db.com/exploits/8812

This exploit demonstrates remote and temporary file inclusion vulnerabilities in DokuWiki 2009-02-14. It leverages PHP's FTP wrapper and file upload mechanisms to achieve remote code execution (RCE) by manipulating the `config_cascade` parameter.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: DokuWiki 2009-02-14
No auth needed
Prerequisites: register_globals = on · allow_url_fopen = On · allow_url_include = On (for FTP wrapper) · file_uploads = On (for temporary file inclusion)
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by girex · text · webapps · php
https://www.exploit-db.com/exploits/8781

This exploit leverages a Local File Inclusion (LFI) vulnerability in DokuWiki due to improper handling of the $config_cascade variable when register_globals is enabled. It allows arbitrary file inclusion and potential Remote Command Execution (RCE) if the attacker can control the content of an included file.

Classification: Working PoC 90%
Attack Type: Info Leak | RCE
Complexity: Trivial
Reliability: Reliable
Target: DokuWiki versions 2009-02-14, rc2009-02-06, rc2009-01-30
No auth needed
Prerequisites: register_globals = On · ability to upload or edit files in the target system (for RCE)
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8812
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35095
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35218
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8781

Scores

EPSS 0.2316
EPSS Percentile 97.5%

Details

CWE: CWE-94
Status: published
Products (3):
dokuwiki/dokuwiki 2009-02-14
dokuwiki/dokuwiki rc2009-01-30
dokuwiki/dokuwiki rc2009-02-06
Published: Jun 08, 2009
Tracked Since: Feb 18, 2026