Mandriva Linux Security Advisory 2013-073 - DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files. A full path disclosure flaw was found in the way DokuWiki, a standards-compliant, simple-to-use wiki, performed sanitization of the HTTP POST 'prefix' input value prior to passing it to the underlying PHP substr() routine, when the PHP error level has been enabled on the particular server. A remote attacker could use this flaw to obtain the full path location of the particular requested DokuWiki page by issuing a specially crafted HTTP POST request.
1f1b6f95846475b26925302fb93766fd77cf90d8151bd3ae9650541ce68c279c
Gentoo Linux Security Advisory 201301-7 - Multiple vulnerabilities were found in DokuWiki, the worst of which leads to privilege escalation. Versions less than 20121013 are affected.
9e606ab4f5f95cf13f5ab5240013341c9f613a2e9a91c233805895c86e691d5c