Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2007-5423
Last Modified 24 Oct 2012 12:00:00
Published 12 Oct 2007 07:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5423

Summary

tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.

Vulnerable Systems

Application

  • Tikiwiki 1.9.8

  • Tikiwiki Cms/groupware 1.9.8


References

VUPEN - ADV-2007-3492

BID - 26006

BUGTRAQ - 20071010 Vulnerabilities digest

MISC - http://securityvulns.ru/Sdocument162.html

OSVDB - 40478

XF - tikiwiki-tikigraphformula-command-execution(37076)

BUGTRAQ - 20071011 Tikiwiki 1.9.8 exploit ITW

GENTOO - GLSA-200710-21

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=546283&group_id=64258

CONFIRM - http://sourceforge.net/forum/forum.php?forum_id=744898

SREASON - 3216

SECUNIA - 27344

SECUNIA - 27190

MILW0RM - 4509

MISC - http://bugs.gentoo.org/show_bug.cgi?id=195503


Last Updated: 27 May 2016 10:47:13