CVE-2007-5423
TikiWiki 1.9.8 - Remote Code Execution via tiki-graph_formula.php f Parameter
Exploitation Summary
EIP tracks 3 public exploits for CVE-2007-5423.
PoCs published by Metasploit and ShAnKaR, including the Metasploit module exploits/unix/webapp/tikiwiki_graph_formula_exec.
AI-analyzed exploit summary: This Metasploit module exploits a remote PHP code execution vulnerability in TikiWiki (<= 1.9.8) via the 'tiki-graph_formula.php' script, which improperly sanitizes user input passed to create_function(). It allows arbitrary PHP code execution by injecting malicious payloads into the 'f' parameter.
Description
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.
Exploits (3)
This Metasploit module exploits a remote PHP code execution vulnerability in TikiWiki (<= 1.9.8) via the 'tiki-graph_formula.php' script, which improperly sanitizes user input passed to create_function(). It allows arbitrary PHP code execution by injecting malicious payloads into the 'f' parameter.
This exploit demonstrates a remote PHP injection vulnerability in TikiWiki 1.9.8 by injecting arbitrary PHP code via the 'f[]' parameter in the tiki-graph_formula.php script. The example URL triggers the phpinfo() function, confirming code execution.
This Metasploit module exploits a PHP code execution vulnerability in TikiWiki <= 1.9.8 via the 'tiki-graph_formula.php' script, which improperly sanitizes user input passed to create_function(). It allows arbitrary PHP code execution by injecting malicious payloads into the 'f' parameter.