CVE-2007-5684

EIP tracks 1 public exploit for CVE-2007-5684. PoCs published by L4teral.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in TikiWiki versions <= 1.9.8.1. It leverages two separate scripts (db/tiki-db.php and tiki-imexport_languages.php) to read arbitrary files, such as /etc/passwd, by manipulating input parameters.

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language parameter to tiki-imexport_languages.php.