Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TikiWiki tiki-graph_formula.php whitelist check code injection vulnerability
Vulnerability Description
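TikiWiki is a website content management system built on PHP, ADOdb, Smarty and related technologies. A flaw in TikiWiki's implementation may allow remote attackers to execute arbitrary commands on the server. Because PHP supports variable functions and variable variables, TikiWiki's whitelist check cannot prevent arbitrary PHP code execution.

    $varname = 'othervar';
    $$varname = 4;      // set $othervar to 4
    $funcname = 'chr';
    $funcname(95);      // call chr(95)

TikiWiki's blacklist cannot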
CVSS Information
N/A
Vulnerability Type
N/A