Stefan Esser from the Hardened-PHP Project found a security problem in DokuWiki's spellchecking backend which allows insertion of arbitrary PHP code.
All users should fix this immeadiately. If you don't use the spellchecker, you can simply delete the lib/exe/spellcheck.php file. If this is not an option for you, you can get an updated version of the file from http://dev.splitbrain.org/download/darcs/dokuwiki/lib/exe/spellcheck.php
The download package of the current stable version, available at http://www.splitbrain.org/go/dokuwiki
was fixed as well.