Hardened-PHP Project Security Advisory - DokuWiki comes with an AJAX spellchecking service that can be called by every visiting client without the need of authorization. Unfortunately, the spellchecking service used the /e modifier of preg_replace() to handle links that are embedded in the text to translate in an unsafe way, allowing for arbitrary code execution.
36f2eef55480c038e6f244e40684af192918fc3124d276f94581c4096cc9cb92