Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tikiwiki_cms/groupware | Tiki | * | 1.9.8 (including) |
| Tikiwiki_cms/groupware | Tiki | 1.6.1 (including) | 1.6.1 (including) |
| Tikiwiki_cms/groupware | Tiki | 1.9.0 (including) | 1.9.0 (including) |
| Tikiwiki_cms/groupware | Tiki | 1.9.0-rc1 (including) | 1.9.0-rc1 (including) |
| Tikiwiki_cms/groupware | Tiki | 1.9.0-rc2 (including) | 1.9.0-rc2 (including) |
| Tikiwiki_cms/groupware | Tiki | 1.9.0-rc3 (including) | 1.9.0-rc3 (including) |
| Tikiwiki_cms/groupware | Tiki | 1.9.1 (including) | 1.9.1 (including) |
| Tikiwiki_cms/groupware | Tiki | 1.9.2 (including) | 1.9.2 (including) |
| Tikiwiki_cms/groupware | Tiki | 1.9.3 (including) | 1.9.3 (including) |
| Tikiwiki_cms/groupware | Tiki | 1.9.4 (including) | 1.9.4 (including) |
| Tikiwiki_cms/groupware | Tiki | 1.9.5 (including) | 1.9.5 (including) |
| Tikiwiki_cms/groupware | Tiki | 1.9.6 (including) | 1.9.6 (including) |
| Tikiwiki_cms/groupware | Tiki | 1.9.7 (including) | 1.9.7 (including) |
| Tikiwiki | Ubuntu | feisty | * |
| Tikiwiki | Ubuntu | gutsy | * |
| Tikiwiki | Ubuntu | upstream | * |