CVE-2007-5423
CVE-2007-5423
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 76.7%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado
Lifecycle
10 Oct 2007Metasploit module available
12 Oct 2007Published on NVD
20 Sep 2010Public PoC
Weaponization speed
1073 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/4509unverifiedexploitdbwww.exploit-db.com/exploits/16911unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://bugs.gentoo.org/show_bug.cgi?id=195503http://osvdb.org/40478http://secunia.com/advisories/27190http://secunia.com/advisories/27344http://securityreason.com/securityalert/3216http://securityvulns.ru/Sdocument162.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/37076http://sourceforge.net/forum/forum.php?forum_id=744898http://sourceforge.net/project/shownotes.php?release_id=546283&group_id=64258https://www.exploit-db.com/exploits/4509http://www.gentoo.org/security/en/glsa/glsa-200710-21.xmlhttp://www.securityfocus.com/archive/1/482006/100/0/threaded