This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Stefan Esser reports :
During the evaluation of DokuWiki for a german/korean wiki of mine a
flaw in DokuWiki's spellchecker was discovered, that allows injecting
arbitrary PHP commands, by requesting a spellcheck on PHP commands in
'complex curly syntax'.
Because the spellchecker is written as part of the AJAX functionality
of DokuWiki, it can be directly called by any website visitor, without
the need for a wiki account.
See also :
Update the affected package.
Risk factor :
Family: FreeBSD Local Security Checks
Nessus Plugin ID: 21648 (freebsd_pkg_af8dba15f4cc11da87a1000c6ec775d9.nasl)
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now