CVE-2007-5423

Related Files

TikiWiki tiki-graph_formula Remote Command Execution

Posted Oct 30, 2009

Authored by Matteo Cantoni

TikiWiki versions 1.9.8 and below contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'tiki-graph_formula.php' script not properly sanitizing user input supplied to the f variable, which may allow a remote attacker to execute arbitrary PHP commands resulting in a loss of integrity.

tags | exploit, remote, arbitrary, php

advisories | CVE-2007-5423

SHA-256 | 2c4a8a6e81f67352e72024e2f545f7d1ae145048bf376afb7ae97d09bf473fe9

Download | Favorite | View

Gentoo Linux Security Advisory 200711-19

Posted Nov 15, 2007

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-19 - Stefan Esser reported that a previous vulnerability was not properly fixed in TikiWiki 1.9.8.1. The TikiWiki development team also added several checks to avoid file inclusion. Versions less than 1.9.8.3 are affected.

tags | advisory, file inclusion

systems | linux, gentoo

advisories | CVE-2007-5423, CVE-2007-5682

SHA-256 | 99b2b391e1b8c4e7204fab5ec76d9d88dc7a636333069e52a5271779d50ea093

Download | Favorite | View

Gentoo Linux Security Advisory 200710-21

Posted Oct 23, 2007

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-21 - ShAnKaR reported that input passed to the f array parameter in tiki-graph_formula.php is not properly verified before being used to execute PHP functions. Versions less than 1.9.8.1 are affected.

tags | advisory, php

systems | linux, gentoo

advisories | CVE-2007-5423

SHA-256 | 0ef6380a3939fe01e3051813b00318d71adcc9166c947248f42deec8ad769fca

Download | Favorite | View