Gentoo Linux Security Advisory GLSA 200609-10 – rgod discovered that DokuWiki doesn’t sanitize the X-FORWARDED-FOR HTTP header, allowing the injection of arbitrary contents – such as PHP commands – into a file. Additionally, the accessory scripts installed in the bin DokuWiki directory are vulnerable to directory traversal attacks, allowing to copy and execute the previously injected code. Versions less than 20060309d are affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/50059/glsa-200609-10.txt
Source: https://packetstormsecurity.com/files/50059/Gentoo-Linux-Security-Advisory-200609-10.html