TikiWiki Tiki-Graph_Formula.PHP White-List Check Code Injection Vulnerability
BID:26220
Info
| Bugtraq ID: | 26220 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-5682 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 29 2007 12:00AM |
| Updated: | Nov 15 2007 12:40AM |
| Credit: | Stefan Esser is credited with the discovery of this vulnerability. |
| Vulnerable: | TikiWiki Project TikiWiki 1.9.8 1; TikiWiki Project TikiWiki 1.9.8; TikiWiki Project TikiWiki 1.9.7; TikiWiki Project TikiWiki 1.9.6; TikiWiki Project TikiWiki 1.9.5; TikiWiki Project TikiWiki 1.9.4; TikiWiki Project TikiWiki 1.9.3 1; TikiWiki Project TikiWiki 1.9.2; TikiWiki Project TikiWiki 1.9.1 .1; TikiWiki Project TikiWiki 1.9.1; TikiWiki Project TikiWiki 1.9 -rc3.1; TikiWiki Project TikiWiki 1.9 -rc3; TikiWiki Project TikiWiki 1.9 -rc2; TikiWiki Project TikiWiki 1.9 -rc1; TikiWiki Project TikiWiki 1.9.3.2 Gentoo Linux |
| Not Vulnerable: | TikiWiki Project TikiWiki 1.9.8.2 |
Discussion
TikiWiki is prone to a remote PHP code-injection vulnerability because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
TikiWiki 1.9.8.1 and prior versions are vulnerable.
Exploit / POC
Attackers can exploit this issue via a browser.
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.
Fix listed for each of the following versions: TikiWiki Project tikiwiki-1.9.8.2.tar.gz
http://downloads.sourceforge.net/tikiwiki/tikiwiki-1.9.8.2.tar.gz?modtime=1193347915&big_mirror=1
- TikiWiki Project TikiWiki 1.9.3.2
- TikiWiki Project TikiWiki 1.9 -rc3
- TikiWiki Project TikiWiki 1.9 -rc3.1
- TikiWiki Project TikiWiki 1.9 -rc2
- TikiWiki Project TikiWiki 1.9 -rc1
- TikiWiki Project TikiWiki 1.9.1
- TikiWiki Project TikiWiki 1.9.1 .1
- TikiWiki Project TikiWiki 1.9.2
- TikiWiki Project TikiWiki 1.9.3 1
- TikiWiki Project TikiWiki 1.9.4
- TikiWiki Project TikiWiki 1.9.5
- TikiWiki Project TikiWiki 1.9.6
- TikiWiki Project TikiWiki 1.9.7
- TikiWiki Project TikiWiki 1.9.8 1
- TikiWiki Project TikiWiki 1.9.8
References
References:
- Security upgrade 1.9.8.2 (TikiWiki Project)
- TikiWiki Homepage (TikiWiki)
- Advisory SE-2007-01: TikiWiki Remote PHP Code Evaluation Vulnerability (Stefan Esser)