TikiWiki Tiki-Graph_Formula.PHP Code Injection Vulnerability

info
discussion
exploit
solution
references

TikiWiki Tiki-Graph_Formula.PHP Code Injection Vulnerability

TikiWiki is prone to a remote PHP code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

TikiWiki 1.9.8 is vulnerable; other versions may also be affected.