MitreCVE-2007-5423

HistoryOct 12, 2007 - 11:17 p.m.

CVE-2007-5423

2007-10-1223:17:00

CWE-94

mitre

web.nvd.nist.gov

110

cve-2007-5423

tikiwiki

code execution

remote attack

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.963

Percentile

99.6%

JSON

tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.

Affected configurations

Nvd

Node

tikitikiwiki_cms\/groupwareMatch1.9.8

VendorProductVersionCPE
tikitikiwiki_cms\/groupware1.9.8cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tiki	tikiwiki_cms\/groupware	1.9.8	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.8:::::::*

References

bugs.gentoo.org/show_bug.cgi?id=195503

osvdb.org/40478

secunia.com/advisories/27190

secunia.com/advisories/27344

securityreason.com/securityalert/3216

securityvulns.ru/Sdocument162.html

sourceforge.net/forum/forum.php?forum_id=744898

sourceforge.net/project/shownotes.php?release_id=546283&group_id=64258

www.gentoo.org/security/en/glsa/glsa-200710-21.xml

www.securityfocus.com/archive/1/482006/100/0/threaded

www.securityfocus.com/archive/1/482128/100/0/threaded

www.securityfocus.com/bid/26006

www.vupen.com/english/advisories/2007/3492

exchange.xforce.ibmcloud.com/vulnerabilities/37076

www.exploit-db.com/exploits/4509

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.963

Percentile

99.6%

JSON

Related for CVE-2007-5423