Stefan Esser from the Hardened-PHP Project found a security problem in DokuWiki's spellchecking backend which allows insertion of arbitrary PHP code.
All users should fix this immeadiately. If you don't use the spellchecker, you can simply delete the lib/exe/spellcheck.php file. If this is not an option for you, you can get an updated version of the file from
http://dev.splitbrain.org/download/darcs/dokuwiki/lib/exe/spellcheck.php
The download package of the current stable version, available at
http://www.splitbrain.org/go/dokuwiki was fixed as well.