Comment 1 for bug 163833

disabled.user (disabled.user-deactivatedaccount) wrote :

Adding:
http://www.gentoo.org/security/en/glsa/glsa-200710-21.xml

"ShAnKaR reported that input passed to the "f" array parameter in tiki-graph_formula.php is not properly verified before being used to execute PHP functions.
[...]
An attacker could execute arbitrary code with the rights of the user running the web server by passing a specially crafted parameter string to the tiki-graph_formula.php file."