CVE-2014-9253

The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.

Date published : 2014-12-17

http://www.securityfocus.com/bid/71671

http://advisories.mageia.org/MGASA-2014-0540.html