{"id":"CVE-2006-5099","details":"lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.","modified":"2026-04-10T03:38:33.437568Z","published":"2006-09-29T23:07:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/22192"},{"type":"ADVISORY","url":"http://secunia.com/advisories/22199"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/3851"},{"type":"EVIDENCE","url":"http://bugs.splitbrain.org/?do=details&id=926"},{"type":"FIX","url":"http://secunia.com/advisories/22192"},{"type":"FIX","url":"http://secunia.com/advisories/22199"},{"type":"FIX","url":"http://security.gentoo.org/glsa/glsa-200609-20.xml"}],"schema_version":"1.7.5"}