Stefan Esser has posted this new security issue he discovered in the DokuWiki application.
While searching for the perfect Wiki PHP application for my own german/korean wiki I tested DokuWiki and found an ugly security hole, that allows remote PHP code injection through it's AJAX spellchecking service.
You can read up on his full advisory here, including the location/code of the issue.