{ "affected": [ { "ecosystem_specific": { "urgency": "unimportant" }, "package": { "ecosystem": "Debian:11", "name": "dokuwiki" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.0.20080505-3.1" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "unimportant" }, "package": { "ecosystem": "Debian:12", "name": "dokuwiki" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.0.20080505-3.1" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "unimportant" }, "package": { "ecosystem": "Debian:13", "name": "dokuwiki" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.0.20080505-3.1" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "unimportant" }, "package": { "ecosystem": "Debian:14", "name": "dokuwiki" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.0.20080505-3.1" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "not yet assigned" }, "package": { "ecosystem": "Debian:11", "name": "geshi" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.0.8.1-1" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "not yet assigned" }, "package": { "ecosystem": "Debian:12", "name": "geshi" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.0.8.1-1" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "not yet assigned" }, "package": { "ecosystem": "Debian:13", "name": "geshi" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.0.8.1-1" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "not yet assigned" }, "package": { "ecosystem": "Debian:14", "name": "geshi" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.0.8.1-1" } ], "type": "ECOSYSTEM" } ] } ], "details": "The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path", "id": "DEBIAN-CVE-2008-5186", "modified": "2026-04-28T19:53:16.308563953Z", "published": "2008-11-21T02:30:00.517Z", "references": [ { "type": "ADVISORY", "url": "https://security-tracker.debian.org/tracker/CVE-2008-5186" } ], "upstream": [ "CVE-2008-5186" ] }