Lucene search

[email protected]CVE-2007-5423

HistoryOct 12, 2007 - 11:17 p.m.

CVE-2007-5423

2007-10-1223:17:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2007-5423

tikiwiki

code execution

remote attack

security vulnerability

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.962 High

EPSS

Percentile

99.5%

JSON

tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.

CPENameOperatorVersion
tiki:tikiwiki_cms\/groupwaretiki tikiwiki cms\/groupwareeq1.9.8

CPE	Name	Operator	Version
tiki:tikiwiki_cms\/groupware	tiki tikiwiki cms\/groupware	eq	1.9.8

References

bugs.gentoo.org/show_bug.cgi?id=195503

osvdb.org/40478

secunia.com/advisories/27190

secunia.com/advisories/27344

securityreason.com/securityalert/3216

securityvulns.ru/Sdocument162.html

sourceforge.net/forum/forum.php?forum_id=744898

sourceforge.net/project/shownotes.php?release_id=546283&group_id=64258

www.gentoo.org/security/en/glsa/glsa-200710-21.xml

www.securityfocus.com/archive/1/482006/100/0/threaded

www.securityfocus.com/archive/1/482128/100/0/threaded

www.securityfocus.com/bid/26006

www.vupen.com/english/advisories/2007/3492

exchange.xforce.ibmcloud.com/vulnerabilities/37076

www.exploit-db.com/exploits/4509

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.962 High

EPSS

Percentile

99.5%

JSON

Related for CVE-2007-5423

nessus3 canvas1 ubuntucve2 prion2 openvas4 gentoo2 seebug1 packetstorm1 securityvulns1 cve1