TikiWiki Tiki-Graph_Formula.PHP White-List Check Code Injection Vulnerability

BID:26220

Info

TikiWiki Tiki-Graph_Formula.PHP White-List Check Code Injection Vulnerability

Bugtraq ID: 26220
Class: Input Validation Error
CVE: CVE-2007-5682
Remote: Yes
Local: No
Published: Oct 29 2007 12:00AM
Updated: Nov 15 2007 12:40AM
Credit: Stefan Esser is credited with the discovery of this vulnerability.
Vulnerable: TikiWiki Project TikiWiki 1.9.8 1
TikiWiki Project TikiWiki 1.9.8
TikiWiki Project TikiWiki 1.9.7
TikiWiki Project TikiWiki 1.9.6
TikiWiki Project TikiWiki 1.9.5
TikiWiki Project TikiWiki 1.9.4
TikiWiki Project TikiWiki 1.9.3 1
TikiWiki Project TikiWiki 1.9.2
TikiWiki Project TikiWiki 1.9.1 .1
TikiWiki Project TikiWiki 1.9.1
TikiWiki Project TikiWiki 1.9 -rc3.1
TikiWiki Project TikiWiki 1.9 -rc3
TikiWiki Project TikiWiki 1.9 -rc2
TikiWiki Project TikiWiki 1.9 -rc1
TikiWiki Project TikiWiki 1.9.3.2
Gentoo Linux
Not Vulnerable: TikiWiki Project TikiWiki 1.9.8.2

Discussion

TikiWiki Tiki-Graph_Formula.PHP White-List Check Code Injection Vulnerability

TikiWiki is prone to a remote PHP code-injection vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

TikiWiki 1.9.8.1 and prior versions are vulnerable.

Exploit / POC

TikiWiki Tiki-Graph_Formula.PHP White-List Check Code Injection Vulnerability

Attackers can exploit this issue via a browser.

Solution / Fix

TikiWiki Tiki-Graph_Formula.PHP White-List Check Code Injection Vulnerability

Solution:
The vendor released an update to address this issue. Please see the references for more information.


TikiWiki Project TikiWiki 1.9.3.2

TikiWiki Project TikiWiki 1.9 -rc3

TikiWiki Project TikiWiki 1.9 -rc3.1

TikiWiki Project TikiWiki 1.9 -rc2

TikiWiki Project TikiWiki 1.9 -rc1

TikiWiki Project TikiWiki 1.9.1

TikiWiki Project TikiWiki 1.9.1 .1

TikiWiki Project TikiWiki 1.9.2

TikiWiki Project TikiWiki 1.9.3 1

TikiWiki Project TikiWiki 1.9.4

TikiWiki Project TikiWiki 1.9.5

TikiWiki Project TikiWiki 1.9.6

TikiWiki Project TikiWiki 1.9.7

TikiWiki Project TikiWiki 1.9.8 1

TikiWiki Project TikiWiki 1.9.8

References

TikiWiki Tiki-Graph_Formula.PHP White-List Check Code Injection Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report