Lucene search
HistoryOct 26, 2007 - 6:46 p.m.
CVE-2007-5682
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.4
Confidence
Low
EPSS
0.963
Percentile
99.6%
Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423.
Affected configurations
Node
tikitikiwiki_cms\/groupwareRangeโค1.9.8
ORtikitikiwiki_cms\/groupwareMatch1.6.1
ORtikitikiwiki_cms\/groupwareMatch1.9.0
ORtikitikiwiki_cms\/groupwareMatch1.9.0rc1
ORtikitikiwiki_cms\/groupwareMatch1.9.0rc2
ORtikitikiwiki_cms\/groupwareMatch1.9.0rc3
ORtikitikiwiki_cms\/groupwareMatch1.9.1
ORtikitikiwiki_cms\/groupwareMatch1.9.2
ORtikitikiwiki_cms\/groupwareMatch1.9.3
ORtikitikiwiki_cms\/groupwareMatch1.9.4
ORtikitikiwiki_cms\/groupwareMatch1.9.5
ORtikitikiwiki_cms\/groupwareMatch1.9.6
ORtikitikiwiki_cms\/groupwareMatch1.9.7
| Vendor | Product | Version | CPE |
|---|---|---|---|
| tiki | tikiwiki_cms\/groupware | * | cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:* |
| tiki | tikiwiki_cms\/groupware | 1.6.1 | cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.6.1:*:*:*:*:*:*:* |
| tiki | tikiwiki_cms\/groupware | 1.9.0 | cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:*:*:*:*:*:*:* |
| tiki | tikiwiki_cms\/groupware | 1.9.0 | cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:rc1:*:*:*:*:*:* |
| tiki | tikiwiki_cms\/groupware | 1.9.0 | cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:rc2:*:*:*:*:*:* |
| tiki | tikiwiki_cms\/groupware | 1.9.0 | cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:rc3:*:*:*:*:*:* |
| tiki | tikiwiki_cms\/groupware | 1.9.1 | cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.1:*:*:*:*:*:*:* |
| tiki | tikiwiki_cms\/groupware | 1.9.2 | cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.2:*:*:*:*:*:*:* |
| tiki | tikiwiki_cms\/groupware | 1.9.3 | cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.3:*:*:*:*:*:*:* |
| tiki | tikiwiki_cms\/groupware | 1.9.4 | cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.4:*:*:*:*:*:*:* |
Related
nessus
nessus
GLSA-200711-19 : TikiWiki: Multiple vulnerabilities
2007-11-15 00:00:00
TikiWiki tiki-graph_formula.php f Parameter Arbitrary Command Execution
2007-10-11 00:00:00
GLSA-200710-21 : TikiWiki: Arbitrary command execution
2007-10-25 00:00:00
prion
prion
Design/Logic Flaw
2007-10-26 18:46:00
Design/Logic Flaw
2007-10-12 23:17:00
ubuntucve
ubuntucve
CVE-2007-5682
2007-10-26 00:00:00
CVE-2007-5423
2007-10-12 00:00:00
cvelist
cvelist
CVE-2007-5682
2007-10-26 18:00:00
CVE-2007-5423
2007-10-12 23:00:00
securityvulns
securityvulns
openvas
openvas
Gentoo Security Advisory GLSA 200711-19 (tikiwiki)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200711-19 (tikiwiki)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200710-21 (tikiwiki)
2008-09-24 00:00:00
gentoo
gentoo
TikiWiki: Multiple vulnerabilities
2007-11-14 00:00:00
TikiWiki: Arbitrary command execution
2007-10-20 00:00:00
cve
cve
CVE-2007-5682
2007-10-26 18:46:00
CVE-2007-5423
2007-10-12 23:17:00
metasploit
metasploit
TikiWiki tiki-graph_formula Remote PHP Code Execution
2009-07-27 14:05:23
canvas
canvas
Immunity Canvas: TIKIWIKI_EXEC
2007-10-12 23:17:00
seebug
seebug
TikiWiki Tiki-Graph_Formula.PHP็ฝๅๅๆฃๆฅไปฃ็ ๆณจๅ
ฅๆผๆด
2007-10-31 00:00:00
packetstorm
packetstorm
TikiWiki tiki-graph_formula Remote Command Execution
2009-10-30 00:00:00
nvd
nvd
CVE-2007-5423
2007-10-12 23:17:00
exploitdb
exploitdb
TikiWiki 1.9.8 - Remote PHP Injection
2007-10-10 00:00:00
TikiWiki tiki-graph_formula - PHP Remote Code Execution (Metasploit)
2010-09-20 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.4
Confidence
Low
EPSS
0.963
Percentile
99.6%
Related for NVD:CVE-2007-5682