A "highly critical" vulnerability has been reported in the popular TikiWiki software. It can be exploited by malicious parties to compromise vulnerable systems.
Input passed via the "f" parameter to tiki-graph_formula.php is not properly verified before being used to execute PHP functions. This can be exploited to execute arbitrary PHP functions
This vulnerability has been reported for version 1.9.8. Users or system administrators are urged to upgrade to version 184.108.40.206, which fixes the flaw.
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.