7 matches found

UbuntuCve
added 2007/10/26 6:46 p.m. | 15 views

CVE-2007-5682

Incomplete blacklist vulnerability in tiki-graphformula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423...

7.5 CVSS | 6.3 AI score | 0.02227 EPSS
Exploits 0 | References 1
Prion
added 2007/10/26 6:46 p.m. | 14 views

Design/Logic Flaw

Incomplete blacklist vulnerability in tiki-graphformula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423...

7.5 CVSS | 7.6 AI score | 0.88762 EPSS
Exploits 6 | References 5 | Affected Software 1
Tenable Nessus
added 2007/10/25 12:0 a.m. | 22 views

GLSA-200710-21 : TikiWiki: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200710-21 TikiWiki: Arbitrary command execution ShAnKaR reported that input passed to the 'f' array parameter in tiki-graphformula.php is not properly verified before being used to execute PHP functions. Impact : An attacker could...

7.5 CVSS | 6.1 AI score | 0.88762 EPSS
Exploits 6 | References 2
Gentoo Linux
added 2007/10/20 12:0 a.m. | 48 views

TikiWiki: Arbitrary command execution

Background TikiWiki is an open source content management system written in PHP. Description ShAnKaR reported that input passed to the "f" array parameter in tiki-graphformula.php is not properly verified before being used to execute PHP functions. Impact An attacker could execute arbitrary code...

7.5 CVSS | 7.2 AI score | 0.88762 EPSS
Exploits 6
seebug.org
added 2007/10/13 12:0 a.m. | 16 views

TikiWiki <= 1.9.8 tiki-graph_formula.php Command Execution Exploit

No description provided by source. !/usr/bin/perl TikiWiki = 1.9.8 Remote Command Execution Exploit Description ----------- TikiWiki contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'tiki-graphformula.php' script not properly sanitizing user inpu...

7.1 AI score
Exploits 0
exploitpack
added 2007/10/12 12:0 a.m. | 83 views

TikiWiki 1.9.8 - tiki-graph_formula.php Command Execution

TikiWiki 1.9.8 - tiki-graphformula.php Command Execution !/usr/bin/perl TikiWiki $Id: milw0rmtikiwiki.pl,v 0.1 2007/10/12 13:25:08 str0ke Exp $ use strict; use LWP::UserAgent; my $target = shift || &usage; my $proxy = shift; my $command; &exploit$target, "cat db/local.php", $proxy; print "? php...

7.6 AI score
Exploits 0
seebug.org
added 2007/10/11 12:0 a.m. | 22 views

TikiWiki 1.9.8 Remote PHP Injection Vulnerability

No description provided by source. TikiWiki 1.9.8 Remote PHP Injection Vulnerability Example: http://www.example.com/tikiwiki/tiki-graphformula.php?w=1&h=1&s=1&min=1&max=2&f=x.tan.phpinfo&t=png&title=...

7.1 AI score
Exploits 0