TikiWiki 1.9.8 - Remote PHP Injection Vulnerability

{"result": {"cve": [{"id": "CVE-2007-5423", "type": "cve", "title": "CVE-2007-5423", "description": "tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.", "published": "2007-10-12T19:17:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5423", "cvelist": ["CVE-2007-5423"], "lastseen": "2017-07-29T11:22:18"}], "gentoo": [{"id": "GLSA-200710-21", "type": "gentoo", "title": "TikiWiki: Arbitrary command execution", "description": "### Background\n\nTikiWiki is an open source content management system written in PHP. \n\n### Description\n\nShAnKaR reported that input passed to the \"f\" array parameter in tiki-graph_formula.php is not properly verified before being used to execute PHP functions. \n\n### Impact\n\nAn attacker could execute arbitrary code with the rights of the user running the web server by passing a specially crafted parameter string to the tiki-graph_formula.php file. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll TikiWiki users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/tikiwiki-1.9.8.1\"", "published": "2007-10-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200710-21", "cvelist": ["CVE-2007-5423"], "lastseen": "2016-09-06T19:46:09"}, {"id": "GLSA-200711-19", "type": "gentoo", "title": "TikiWiki: Multiple vulnerabilities", "description": "### Background\n\nTikiWiki is an open source content management system written in PHP. \n\n### Description\n\nStefan Esser reported that a previous vulnerability (CVE-2007-5423, GLSA 200710-21) was not properly fixed in TikiWiki 1.9.8.1 (CVE-2007-5682). The TikiWiki development team also added several checks to avoid file inclusion. \n\n### Impact\n\nA remote attacker could exploit these vulnerabilities to inject arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll TikiWiki users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/tikiwiki-1.9.8.3\"", "published": "2007-11-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200711-19", "cvelist": ["CVE-2007-5682", "CVE-2007-5423"], "lastseen": "2016-09-06T19:46:04"}], "nessus": [{"id": "TIKIWIKI_F_CMD_EXEC.NASL", "type": "nessus", "title": "TikiWiki tiki-graph_formula.php f Parameter Arbitrary Command Execution", "description": "The remote host is running TikiWiki, an open source wiki application written in PHP.\n\nThe version of TikiWiki on the remote host fails to sanitize input to the 'f[]' parameter of the 'tiki-graph_formula.php' script before using it as a function call. Regardless of PHP's 'register_globals' setting, an unauthenticated attacker can leverage this issue to execute arbitrary code on the remote host subject to the privileges of the web server user id.", "published": "2007-10-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=26968", "cvelist": ["CVE-2007-5423"], "lastseen": "2016-09-26T17:25:30"}, {"id": "GENTOO_GLSA-200710-21.NASL", "type": "nessus", "title": "GLSA-200710-21 : TikiWiki: Arbitrary command execution", "description": "The remote host is affected by the vulnerability described in GLSA-200710-21 (TikiWiki: Arbitrary command execution)\n\n ShAnKaR reported that input passed to the 'f' array parameter in tiki-graph_formula.php is not properly verified before being used to execute PHP functions.\n Impact :\n\n An attacker could execute arbitrary code with the rights of the user running the web server by passing a specially crafted parameter string to the tiki-graph_formula.php file.\n Workaround :\n\n There is no known workaround at this time.", "published": "2007-10-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27553", "cvelist": ["CVE-2007-5423"], "lastseen": "2016-09-26T17:24:56"}, {"id": "GENTOO_GLSA-200711-19.NASL", "type": "nessus", "title": "GLSA-200711-19 : TikiWiki: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200711-19 (TikiWiki: Multiple vulnerabilities)\n\n Stefan Esser reported that a previous vulnerability (CVE-2007-5423, GLSA 200710-21) was not properly fixed in TikiWiki 1.9.8.1 (CVE-2007-5682). The TikiWiki development team also added several checks to avoid file inclusion.\n Impact :\n\n A remote attacker could exploit these vulnerabilities to inject arbitrary code with the privileges of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "published": "2007-11-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=28219", "cvelist": ["CVE-2007-5682", "CVE-2007-5423"], "lastseen": "2016-11-12T05:25:35"}], "seebug": [{"id": "SSV-64938", "type": "seebug", "title": "TikiWiki 1.9.8 - Remote PHP Injection Vulnerability", "description": "Summary: \nikiWiki 1.9.8 version of tiki-graph_formula. php exists in the Eval injection vulnerabilities. A remote attacker can by means of the f array parameter in the PHP sequence, the execution of arbitrary code.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-64938", "cvelist": ["CVE-2007-5423"], "lastseen": "2016-07-29T13:30:02"}, {"id": "SSV-71404", "type": "seebug", "title": "TikiWiki tiki-graph_formula Remote PHP Code Execution", "description": "Summary: \nikiWiki 1.9.8 version of tiki-graph_formula. php exists in the Eval injection vulnerabilities. A remote attacker can by means of the f array parameter in the PHP sequence, the execution of arbitrary code.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-71404", "cvelist": ["CVE-2007-5423"], "lastseen": "2016-08-06T03:02:49"}], "packetstorm": [{"id": "PACKETSTORM:82370", "type": "packetstorm", "title": "TikiWiki tiki-graph_formula Remote Command Execution", "description": "", "published": "2009-10-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://packetstormsecurity.com/files/82370/TikiWiki-tiki-graph_formula-Remote-Command-Execution.html", "cvelist": ["CVE-2007-5423"], "lastseen": "2016-12-05T22:15:01"}], "canvas": [{"id": "TIKIWIKI_EXEC", "type": "canvas", "title": "Immunity Canvas: TIKIWIKI_EXEC", "description": "**Name**| tikiwiki_exec \n---|--- \n**CVE**| CVE-2007-5423 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| TikiWiki function create exploit \n**Notes**| CVSS: 7.5 \nRepeatability: Infinite \nVENDOR: Tikiwiki \nCVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5423 \nCVE Name: CVE-2007-5423 \n\n", "published": "2007-10-12T19:17:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/tikiwiki_exec", "cvelist": ["CVE-2007-5423"], "lastseen": "2016-09-25T14:13:45"}], "exploitdb": [{"id": "EDB-ID:16911", "type": "exploitdb", "title": "TikiWiki tiki-graph_formula Remote PHP Code Execution", "description": "TikiWiki tiki-graph_formula Remote PHP Code Execution. CVE-2007-5423. Webapps exploit for php platform", "published": "2010-09-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/16911/", "cvelist": ["CVE-2007-5423"], "lastseen": "2016-02-02T06:48:07"}], "openvas": [{"id": "OPENVAS:58700", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200710-21 (tikiwiki)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200710-21.", "published": "2008-09-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=58700", "cvelist": ["CVE-2007-5423"], "lastseen": "2017-07-24T12:49:56"}, {"id": "OPENVAS:59239", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200711-19 (tikiwiki)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200711-19.", "published": "2008-09-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=59239", "cvelist": ["CVE-2007-5682", "CVE-2007-5423"], "lastseen": "2017-07-24T12:50:02"}], "metasploit": [{"id": "MSF:EXPLOIT/UNIX/WEBAPP/TIKIWIKI_GRAPH_FORMULA_EXEC", "type": "metasploit", "title": "TikiWiki tiki-graph_formula Remote PHP Code Execution", "description": "TikiWiki (<= 1.9.8) contains a flaw that may allow a remote attacker to execute arbitrary PHP code. The issue is due to 'tiki-graph_formula.php' script not properly sanitizing user input supplied to create_function(), which may allow a remote attacker to execute arbitrary PHP code resulting in a loss of integrity.", "published": "2009-07-21T15:20:35", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "cvelist": ["CVE-2007-5423"], "lastseen": "2017-08-21T15:31:32"}]}}