Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo Linux: GLSA-200710-21 High: TikiWiki Command Execution

gentoo
Calendar Grey October 20, 2007
Dist Gentoo Esm H88
TikiWiki running on Gentoo Linux vulnerable to command injection; update advised. Discover further details in the security bulletin.
Tikiwiki contains a command injection vulnerability which may allow remote execution of arbitrary code.

Summary

Gentoo Linux Security Advisory GLSA 200710-21 https://security.gentoo.org/ Severity: High Title: TikiWiki: Arbitrary command execution Date: October 20, 2007 Bugs: #195503 ID: 200710-21

Synopsis ======= Tikiwiki contains a command injection vulnerability which may allow remote execution of arbitrary code.
Background ========= TikiWiki is an open source content management system written in PHP.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/tikiwiki < 1.9.8.1 >= 1.9.8.1
========== ShAnKaR reported that input passed to the "f" array parameter in tiki-graph_formula.php is not properly verified before being used to execute PHP functions.
Impact ===== A...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory high severity gentoo software update command execution arbitrary code execution TikiWiki

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory high severity gentoo software update command execution arbitrary code execution TikiWiki

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here